This document provides the text form of the CPUJan2016 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJan2016 Advisory.
This page contains the following text format Risk Matrices:
This table provides the text form of the Risk Matrix for Oracle Database Server.
CVE Identifier | Description |
---|---|
CVE-2015-4921 | Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-4923 | Vulnerability in the XML Developer's Kit for C component of Oracle Database Server. This vulnerability requires Valid account privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Developer's Kit for C. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4925 | Vulnerability in the Workspace Manager component of Oracle Database Server. This vulnerability requires Create Session, Create Table, Create Procedure privileges for a successful attack. The supported version that is affected is 11.2.0.4. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Workspace Manager possibly including arbitrary code execution within the Workspace Manager. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0461 | Vulnerability in the XDB - XML Database component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XDB - XML Database. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0467 | Vulnerability in the Security component of Oracle Database Server. This vulnerability requires Create Session, Create Java Source privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Security accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0472 | Vulnerability in the XDB - XML Database component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to all XDB - XML Database accessible data and ability to cause a partial denial of service (partial DOS) of XDB - XML Database. CVSS Base Score 5.5 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P). (legend) [Advisory] |
CVE-2016-0499 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS score is 9.0 only on Windows for Database versions prior to 12c. The CVSS is 6.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all other versions of Database on Linux, Unix and other platforms. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle GoldenGate.
CVE Identifier | Description |
---|---|
CVE-2016-0450 | Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Supported versions that are affected are 11.2 and 12.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Golden Gate. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0451 | Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Supported versions that are affected are 11.2 and 12.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Golden Gate. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS score is 10.0 only on Windows for Database versions prior to 12c. The CVSS is 7.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2016-0452 | Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Supported versions that are affected are 11.2 and 12.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Golden Gate. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS score is 10.0 only on Windows for Database versions prior to 12c. The CVSS is 7.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
CVE Identifier | Description |
---|---|
CVE-2013-2186 | Vulnerability in the Oracle WebLogic Portal component of Oracle Fusion Middleware (subcomponent: Core Services). The supported version that is affected is 10.3.6. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Portal accessible data as well as read access to a subset of Oracle WebLogic Portal accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Portal. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-0107 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: XML Parser). Supported versions that are affected are 10.3.6, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-0107 | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Sites). Supported versions that are affected are 7.6.2 and 11.1.1.8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-1793 | Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Business Intelligence Enterprise Edition accessible data as well as read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-1793 | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: SSL/TLS). The supported version that is affected is 12.1.1.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Tuxedo accessible data as well as read access to a subset of Oracle Tuxedo accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-1793 | Vulnerability in the Oracle Endeca Server component of Oracle Fusion Middleware (subcomponent: SSL/TLS). Supported versions that are affected are 7.3.0.0, 7.4.0.0, 7.5.0.0 and 7.6.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Server accessible data as well as read access to a subset of Oracle Endeca Server accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-4808 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-6013 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-6014 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-6015 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0401 | Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Scheduler). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0404 | Vulnerability in the Oracle Identity Federation component of Oracle Fusion Middleware (subcomponent: Admin). The supported version that is affected is 11.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Federation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0413 | Vulnerability in the Oracle Identity Federation component of Oracle Fusion Middleware (subcomponent: Federation protocol support). The supported version that is affected is 11.1.1.7. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Identity Federation accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0429 | Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Scheduler). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0430 | Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL Support). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0432 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0433 | Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL Support). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0439 | Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL Support). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0441 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Embedded Server). The supported version that is affected is 3.1.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location and ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GlassFish Server. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:P). (legend) [Advisory] |
CVE-2016-0453 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Embedded Server). The supported version that is affected is 3.1.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data. CVSS Base Score 1.8 (Integrity impacts). CVSS V2 Vector: (AV:A/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0464 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS-Console). Supported versions that are affected are 10.3.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0470 | Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data as well as read access to a subset of Oracle BI Publisher accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0572 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Coherence Container). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0573 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Java Messaging Service). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via JMS. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0574 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0577 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via T3. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0614 | Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.
CVE Identifier | Description |
---|---|
CVE-2013-1741 | Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Satellite Framework). Supported versions that are affected are Prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Enterprise Manager Ops Center possibly including arbitrary code execution within the Enterprise Manager Ops Center. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-3583 | Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Update Provisioning). Supported versions that are affected are Prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Ops Center accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-0286 | Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are Prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Ops Center. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-1793 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-1793 | Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are Prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Ops Center accessible data as well as read access to a subset of Enterprise Manager Ops Center accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-3153 | Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are Prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Ops Center accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-4885 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). The supported version that is affected is 12.1.0.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0411 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1 and 11.2.0.4. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of Enterprise Manager Base Platform possibly including arbitrary code execution within the Enterprise Manager Base Platform. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0415 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 11.1.0.1, 12.1.0.4 and 12.1.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0427 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0442 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Loader Service). Supported versions that are affected are 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Base Platform as well as update, insert or delete access to some Enterprise Manager Base Platform accessible data and read access to a subset of Enterprise Manager Base Platform accessible data. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0443 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 12.1.0.4 and 12.1.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0444 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to all Enterprise Manager Base Platform accessible data as well as update, insert or delete access to some Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0445 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4, 12.1.0.5 and . Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of Enterprise Manager Base Platform possibly including arbitrary code execution within the Enterprise Manager Base Platform. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0446 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to all Enterprise Manager Base Platform accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0447 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0449 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0455 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to any arbitrary Operating System location and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS Base Score 5.2 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:P). (legend) [Advisory] |
CVE-2016-0476 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0477 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0478 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0480 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0481 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0482 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0484 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0485 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0486 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0487 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0488 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0489 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0490 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0491 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Application Testing Suite accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
CVE-2016-0492 | Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
CVE Identifier | Description |
---|---|
CVE-2015-3195 | Vulnerability in the Oracle HTTP Server component of Oracle E-Business Suite (subcomponent: Open SSL). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4926 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: UIX). Supported versions that are affected are 11.5.10.2, 12.1 and 12.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0454 | Vulnerability in the Oracle Mobile Application Servlet component of Oracle E-Business Suite (subcomponent: MWA Server Manager). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Mobile Application Servlet accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0456 | Vulnerability in the Application Mgmt Pack for E-Business Suite component of Oracle E-Business Suite (subcomponent: REST Framework). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Application Mgmt Pack for E-Business Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0457 | Vulnerability in the Application Mgmt Pack for E-Business Suite component of Oracle E-Business Suite (subcomponent: REST Framework). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Application Mgmt Pack for E-Business Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0459 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup Windows). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0507 | Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: AR Web Utilities). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iReceivables accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0509 | Vulnerability in the Oracle Internet Expenses component of Oracle E-Business Suite (subcomponent: AP Web Utilities). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Internet Expenses accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0510 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Business Views Catalog). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0511 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0512 | Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: Self Service - Common Modules). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0513 | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0514 | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0515 | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0516 | Vulnerability in the Oracle Quality component of Oracle E-Business Suite (subcomponent: QA / Order Management Integration). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Quality accessible data as well as read access to all Oracle Quality accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0517 | Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General utilities). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0518 | Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General utilities). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0519 | Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: AR Web Utilities). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iReceivables accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0520 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Java APIs). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0521 | Vulnerability in the Oracle iProcurement component of Oracle E-Business Suite (subcomponent: Redirection). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iProcurement accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0523 | Vulnerability in the Oracle Interaction Blending component of Oracle E-Business Suite (subcomponent: Blending Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Interaction Blending accessible data as well as read access to all Oracle Interaction Blending accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0524 | Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Work Provider Administration). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Universal Work Queue accessible data as well as read access to all Oracle Universal Work Queue accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0525 | Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Work Provider Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Universal Work Queue accessible data as well as read access to all Oracle Universal Work Queue accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0526 | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Wireless Framework). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0527 | Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0528 | Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0529 | Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0530 | Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0531 | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Manager accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0532 | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Security Assignments). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data as well as read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0533 | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messaging). Supported versions that are affected are 11.5.10.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0534 | Vulnerability in the Oracle Project Contracts component of Oracle E-Business Suite (subcomponent: Printing). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Project Contracts accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0536 | Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Error Messages). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Universal Work Queue accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0537 | Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: Person). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0538 | Vulnerability in the Oracle Financial Consolidation Hub component of Oracle E-Business Suite (subcomponent: Business Intelligence). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Consolidation Hub accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0539 | Vulnerability in the Oracle Report Manager component of Oracle E-Business Suite (subcomponent: Report Display). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Report Manager accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0542 | Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Field Service Map). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Field Service accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0543 | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Preview). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Marketing accessible data as well as read access to all Oracle Marketing accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0544 | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Architecture). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Marketing accessible data as well as read access to all Oracle Marketing accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0545 | Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0547 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0548 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0549 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0550 | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: CRM HTML Administration). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0551 | Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0552 | Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0553 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Definition). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0554 | Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Business Intelligence). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Interaction Center Intelligence accessible data as well as read access to all Oracle Interaction Center Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0555 | Vulnerability in the Oracle CADView-3D component of Oracle E-Business Suite (subcomponent: Studio). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CADView-3D accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0556 | Vulnerability in the Oracle Advanced Collections component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Advanced Collections accessible data as well as read access to all Oracle Advanced Collections accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0557 | Vulnerability in the Oracle Advanced Collections component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Advanced Collections accessible data as well as read access to all Oracle Advanced Collections accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0558 | Vulnerability in the Oracle Service Contracts component of Oracle E-Business Suite (subcomponent: Renewals). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Service Contracts accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0559 | Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0560 | Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0561 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Definition). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0562 | Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management Framework). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Common Applications accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0563 | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Common Techstack). Supported versions that are affected are 11.5.10.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0564 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0565 | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Marketing accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0566 | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Deliverables). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Marketing accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0567 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Embedded Data Warehouse). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle E-Business Intelligence accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0568 | Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Server Components). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Email Center accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0569 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle E-Business Intelligence accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0570 | Vulnerability in the Oracle HCM Configuration Workbench component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HCM Configuration Workbench accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0571 | Vulnerability in the Oracle Balanced Scorecard component of Oracle E-Business Suite (subcomponent: Scorecard Security). Supported versions that are affected are 11.5.10.2 and 12.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Balanced Scorecard accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0575 | Vulnerability in the Oracle Learning Management component of Oracle E-Business Suite (subcomponent: OTA Self Service). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Learning Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0576 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: ICX LOVs). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Application Object Library accessible data as well as read access to all Oracle Application Object Library accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0578 | Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technology Foundation accessible data as well as read access to all Oracle CRM Technology Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0579 | Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0580 | Vulnerability in the Oracle Report Manager component of Oracle E-Business Suite (subcomponent: Publishing). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Report Manager. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0581 | Vulnerability in the Oracle Approvals Management component of Oracle E-Business Suite (subcomponent: AME Page rendering). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Approvals Management accessible data as well as read access to all Oracle Approvals Management accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0582 | Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0583 | Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0584 | Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0585 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: ICX Error). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Object Library. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0586 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0588 | Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle General Ledger accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0589 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Menu). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Application Object Library accessible data as well as read access to all Oracle Application Object Library accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.
CVE Identifier | Description |
---|---|
CVE-2015-4924 | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.1.1, 9.3.1.2, 9.3.2 and 9.3.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0497 | Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 6.1.2.2, 6.1.3.0 and 6.2.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile Engineering Data Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0498 | Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Install). Supported versions that are affected are 6.1.2.2, 6.1.3.0 and 6.2.0.0. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to all Oracle Agile Engineering Data Management accessible data. CVSS Base Score 1.5 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0540 | Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: UI Servlet). Supported versions that are affected are 11.5.10.2, 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Configurator accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0541 | Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: UI Servlet). Supported versions that are affected are 11.5.10.2, 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Configurator accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.
CVE Identifier | Description |
---|---|
CVE-2016-0409 | Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Switzerland component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Global Payroll Switzerland accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0412 | Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM eProcurement accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0460 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Homepage and NavBar). The supported version that is affected is 8.55. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0462 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0463 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.53, 8.54 and 8.55. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0471 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.53 and 8.54. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0473 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0474 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0587 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: File Processing). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0590 | Vulnerability in the PeopleSoft Enterprise SCM Order Management component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM Order Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0591 | Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Change). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM Purchasing accessible data as well as read access to a subset of PeopleSoft Enterprise SCM Purchasing accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.
CVE Identifier | Description |
---|---|
CVE-2015-4919 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics SEC). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of JD Edwards EnterpriseOne Tools possibly including arbitrary code execution within the JD Edwards EnterpriseOne Tools. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0420 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0421 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics SEC). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0422 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0423 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 9.1 and 9.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location and ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:P). (legend) [Advisory] |
CVE-2016-0424 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0425 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of JD Edwards EnterpriseOne Tools possibly including arbitrary code execution within the JD Edwards EnterpriseOne Tools. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle iLearning.
CVE Identifier | Description |
---|---|
CVE-2016-0508 | Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Supported versions that are affected are 6.0 and 6.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iLearning accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Communications Applications.
CVE Identifier | Description |
---|---|
CVE-2014-0050 | Vulnerability in the Oracle Communications Service Broker component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). Supported versions that are affected are 6.0 and 6.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Service Broker accessible data as well as read access to a subset of Oracle Communications Service Broker accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Service Broker. CVSS Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-0050 | Vulnerability in the Oracle Communications Service Broker Engineered System Edition component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). The supported version that is affected is 6.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Service Broker Engineered System Edition accessible data as well as read access to a subset of Oracle Communications Service Broker Engineered System Edition accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2014-0050 | Vulnerability in the Oracle Communications Converged Application Server - Service Controller component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). The supported version that is affected is 6.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Converged Application Server - Service Controller accessible data as well as read access to a subset of Oracle Communications Converged Application Server - Service Controller accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Converged Application Server - Service Controller. CVSS Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-0050 | Vulnerability in the Oracle Communications Online Mediation Controller component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). The supported version that is affected is 6.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Online Mediation Controller accessible data as well as read access to a subset of Oracle Communications Online Mediation Controller accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Online Mediation Controller. CVSS Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-0235 | Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: Glibc). The supported version that is affected is 10.0. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications EAGLE LNP Application Processor accessible data as well as read access to a subset of Oracle Communications EAGLE LNP Application Processor accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications EAGLE LNP Application Processor. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Retail Applications.
CVE Identifier | Description |
---|---|
CVE-2016-0434 | Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0435 | Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Retail Point-of-Service accessible data as well as read access to all Oracle Retail Point-of-Service accessible data. CVSS Base Score 3.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0436 | Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0437 | Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0438 | Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0496 | Vulnerability in the MICROS CWDirect component of Oracle Retail Applications (subcomponent: Order Entry). Supported versions that are affected are 12.5, 13.0, 14.0, 15.0, 16.0, 17.0 and 18.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of MICROS CWDirect accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0500 | Vulnerability in the Oracle Retail Order Broker Cloud Service component of Oracle Retail Applications (subcomponent: System Administration). Supported versions that are affected are 4.0 and 4.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Order Broker Cloud Service possibly including arbitrary code execution within the Oracle Retail Order Broker Cloud Service. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0506 | Vulnerability in the Oracle Retail Order Management System Cloud Service component of Oracle Retail Applications (subcomponent: Order Entry). Supported versions that are affected are 3.5, 4.5, 4.7, 5.0 and 15.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Order Management System Cloud Service accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0522 | Vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component of Oracle Retail Applications (subcomponent: Framework). Supported versions that are affected are 3.5, 4.5, 4.7 and 5.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Open Commerce Platform Cloud Service possibly including arbitrary code execution within the Oracle Retail Open Commerce Platform Cloud Service. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Java SE.
CVE Identifier | Description |
---|---|
CVE-2015-7575 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data as well as read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-8126 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2016-0402 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0448 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0466 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0475 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data as well as read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2016-0483 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2016-0494 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Sun Systems Products Suite.
CVE Identifier | Description |
---|---|
CVE-2015-1793 | Vulnerability in the Oracle Switch ES1-24 component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is Versions prior to 1.3.1.13. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Switch ES1-24 accessible data as well as read access to a subset of Oracle Switch ES1-24 accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-4920 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NDMP Backup Service). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-4922 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Boot). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-8370 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Grub2). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2016-0403 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Utilities). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via SMB. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0405 | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster Manageability and Serviceability). Supported versions that are affected are 3.3 and 4. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0406 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Libc Library). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
CVE-2016-0414 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2016-0416 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: System Archive Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0417 | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris Cluster accessible data as well as read access to a subset of Solaris Cluster accessible data and ability to cause a partial denial of service (partial DOS) of Solaris Cluster. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2016-0418 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data and read access to a subset of Solaris accessible data. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:C). (legend) [Advisory] |
CVE-2016-0419 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0426 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 3.6 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory] |
CVE-2016-0428 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0431 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 1.2 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0440 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via NFS. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0458 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel DAX). The supported version that is affected is 11. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0465 | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Resource Group Manager). Supported versions that are affected are 3.3 and 4. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0493 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Cryptography). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
CVE-2016-0535 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via RPC. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0618 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 1.4 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:M/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Virtualization.
CVE Identifier | Description |
---|---|
CVE-2015-3183 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Apache HTTP Server). Supported versions that are affected are 4.63, 4.71 and 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-4000 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: OpenSSL). Supported versions that are affected are 4.63, 4.71 and 5.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-5307 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.34 and prior to 5.0.10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2015-7183 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.34 and prior to 5.0.10. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data as well as read access to a subset of Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-8104 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.34 and prior to 5.0.10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0495 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.3.36 and prior to 5.0.14. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0501 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Core). The supported version that is affected is 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via WebSocket. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Secure Global Desktop. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0592 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.3.36 and prior to 5.0.14. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0602 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Windows Installer). The supported version that is affected is VirtualBox prior to 5.0.14. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle MySQL.
CVE Identifier | Description |
---|---|
CVE-2015-7744 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.45 and earlier and 5.6.26 and earlier. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2016-0502 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.31 and earlier and 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0503 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0504 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0505 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2016-0546 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS score is 7.2 if MySQL client is run with admin or root privileges. Otherwise, CVSS score is 4.6 (Confidentiality, Integrity and Availability is Partial+). CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2016-0594 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0595 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0596 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.46 and earlier and 5.6.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0597 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0598 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0599 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). The supported version that is affected is 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0600 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0601 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). The supported version that is affected is 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0605 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: General). Supported versions that are affected are 5.6.26 and earlier. Very difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0606 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2016-0607 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0608 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0609 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Very difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0610 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.27 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0611 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2016-0616 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.46 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |