Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices
This document provides the text form of the CPUJul2014 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJul2014 Advisory
This page contains the following text format Risk Matrices:
- Oracle Database Server
- Oracle Fusion Middleware
- Oracle Hyperion
- Oracle Enterprise Manager Grid Control
- Oracle E-Business Suite
- Oracle Supply Chain Products Suite
- Oracle PeopleSoft Products
- Oracle Siebel CRM
- Oracle Communications Applications
- Oracle Retail Applications
- Oracle Java SE
- Oracle and Sun Systems Products Suite
- Oracle Virtualization
- Oracle MySQL
Text Form of Risk Matrix for Oracle Database Server
This table provides the text form of the Risk Matrix for Oracle Database Server.
| CVE Identifier | Description |
|---|---|
| CVE-2013-3751 | Vulnerability in the XML Parser component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. The supported version that is affected is 12.1.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2013-3774 | Vulnerability in the Network Layer component of Oracle Database Server. The supported version that is affected is 12.1.0.1. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-4236 | Vulnerability in the RDBMS Core component of Oracle Database Server. This vulnerability requires Create Session, Grant on DBMS_REDACT privileges for a successful attack. Supported versions that are affected are 11.2.0.4 and 12.1.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of RDBMS Core possibly including arbitrary code execution within the RDBMS Core. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4237 | Vulnerability in the RDBMS Core component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4 and 12.1.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of RDBMS Core accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4245 | Vulnerability in the RDBMS Core component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Core accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Fusion Middleware
This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
| CVE Identifier | Description |
|---|---|
| CVE-2013-1620 | Vulnerability in the GlassFish Communications Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of GlassFish Communications Server accessible data. Note: This fix also addresses CVE-2013-2172. CVE-2013-2172 is equivalent to CVE-2013-2461. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2013-1741 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 2.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized takeover of Oracle GlassFish Server possibly including arbitrary code execution within the Oracle GlassFish Server. Note: This fix also addresses CVE-2013-1739,CVE-2013-1740, CVE-2013-5605, CVE-2013-5606,CVE-2014-1490, CVE-2014-1491, CVE-2014-1492. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2013-5855 | Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: JavaServer Faces). Supported versions that are affected are 11.1.2.4.0 and 12.1.2.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle JDeveloper accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-2479 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0 and 12.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-2480 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware. Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0 and 12.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-2481 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware. Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0 and 12.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-2493 | Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.2.4.0 and 12.1.2.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper accessible data and ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. CVSS Base Score 6.4 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4201 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0, 12.1.1.0 and 12.1.2.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4202 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0 and 12.1.2.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4210 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.0.2.0 and 10.3.6.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4211 | Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). Supported versions that are affected are 11.1.1.7 and 11.1.1.8. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Portal accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4212 | Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Process Mgmt & Notification). The supported version that is affected is 11.1.1.7. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Fusion Middleware accessible data. Note: Please refer to My Oracle Support Note 1905314.1 for instructions on optional configuration steps. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4217 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.0.2.0, 10.3.6.0 and 12.1.1.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4222 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: plugin 1.1). Supported versions that are affected are 11.1.1.7.0 and 12.1.2.0. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4241 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.0.2.0 and 10.3.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4242 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0 and 12.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4249 | Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Mobile Service). The supported version that is affected is 11.1.1.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of BI Publisher accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4251 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: plugin 1.1). Supported versions that are affected are 11.1.1.7.0 and 12.1.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4253 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WebLogic Server JVM). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0 and 12.1.2.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via T3. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4254 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0, 12.1.1.0 and 12.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4255 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Security and Policy). Supported versions that are affected are 10.3.6.0, 12.1.1.0 and 12.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4256 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Deployment). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0 and 12.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4257 | Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.8.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. CVSS Base Score 7.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4267 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0 and 12.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Hyperion
This table provides the text form of the Risk Matrix for Oracle Hyperion.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0436 | Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Web Analysis). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion BI+ accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4203 | Vulnerability in the Hyperion Enterprise Performance Management Architect component of Oracle Hyperion (subcomponent: Property Editing). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Hyperion Enterprise Performance Management Architect accessible data as well as read access to a subset of Hyperion Enterprise Performance Management Architect accessible data and ability to cause a partial denial of service (partial DOS) of Hyperion Enterprise Performance Management Architect. CVSS Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4206 | Vulnerability in the Hyperion Enterprise Performance Management Architect component of Oracle Hyperion (subcomponent: Data Synchronizer). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion Enterprise Performance Management Architect accessible data and ability to cause a partial denial of service (partial DOS) of Hyperion Enterprise Performance Management Architect. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4246 | Vulnerability in the Hyperion Analytic Provider Services component of Oracle Hyperion (subcomponent: SVP). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Difficult to exploit vulnerability allows successful authenticated network attacks via XML. Successful attack of this vulnerability can result in unauthorized read access to a subset of Hyperion Analytic Provider Services accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4269 | Vulnerability in the Hyperion Common Admin component of Oracle Hyperion (subcomponent: User Interface). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Hyperion Common Admin accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4270 | Vulnerability in the Hyperion Common Admin component of Oracle Hyperion (subcomponent: User Interface). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Hyperion Common Admin accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4271 | Vulnerability in the Hyperion Essbase component of Oracle Hyperion (subcomponent: Agent). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Hyperion Essbase. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control
This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.
| CVE Identifier | Description |
|---|---|
| CVE-2014-4239 | Vulnerability in the Solaris component of Oracle Enterprise Manager Grid Control (subcomponent: Common Agent Container (Cacao)). Supported versions that are affected are 2.3.1.0, 2.3.1.1, 2.3.1.2, 2.4.0.0, 2.4.1.0 and 2.4.2.0. Easily exploitable vulnerability allows successful authenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. Note: Applies only when Cacao is running on Solaris platform. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle E-Business Suite
This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0224 | Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: IAS For App Technology). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Technology Stack accessible data as well as read access to a subset of Oracle Applications Technology Stack accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Applications Technology Stack. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-2482 | Vulnerability in the Oracle Concurrent Processing component of Oracle E-Business Suite. Supported versions that are affected are 12.1.3, 12.2.2 and 12.2.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Concurrent Processing accessible data as well as read access to a subset of Oracle Concurrent Processing accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4213 | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite. Supported versions that are affected are 12.0.6, 12.1.3, 12.2.2 and 12.2.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4235 | Vulnerability in the Oracle iStore component of Oracle E-Business Suite. Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.2 and 12.2.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iStore accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4248 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.2 and 12.2.3. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS Base Score 1.0 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Supply Chain Products Suite
This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2014-2492 | Vulnerability in the Oracle Agile Product Collaboration component of Oracle Supply Chain Products Suite (subcomponent: Web client (PC)). The supported version that is affected is 9.3.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile Product Collaboration accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4229 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Data, Domain & Function Security). Supported versions that are affected are 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3 and 6.3.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Transportation Management accessible data as well as read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4234 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Data, Domain & Function Security). Supported versions that are affected are 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3 and 6.3.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle PeopleSoft Products
This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.
| CVE Identifier | Description |
|---|---|
| CVE-2014-2456 | Vulnerability in the PeopleSoft Enterprise ELS Enterprise Learning Management component of Oracle PeopleSoft Products (subcomponent: Enterprise Learning Mgmt). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise ELS Enterprise Learning Management accessible data as well as read access to a subset of PeopleSoft Enterprise ELS Enterprise Learning Management accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-2495 | Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Purchasing). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized read access to all PeopleSoft Enterprise SCM Purchasing accessible data. CVSS Base Score 2.3 (Confidentiality impacts). CVSS V2 Vector: (AV:A/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-2496 | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PT PeopleTools accessible data as well as read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4204 | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). The supported version that is affected is 8.53. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PT PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4226 | Vulnerability in the PeopleSoft Enterprise FIN Install component of Oracle PeopleSoft Products (subcomponent: Install). Supported versions that are affected are 9.1 and 9.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized takeover of PeopleSoft Enterprise FIN Install possibly including arbitrary code execution within the PeopleSoft Enterprise FIN Install. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Siebel CRM
This table provides the text form of the Risk Matrix for Oracle Siebel CRM.
| CVE Identifier | Description |
|---|---|
| CVE-2014-2485 | Vulnerability in the Siebel Core - EAI component of Oracle Siebel CRM (subcomponent: Integration Business Services). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Siebel Core - EAI accessible data. CVSS Base Score 1.4 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:M/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-2491 | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Portal Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel UI Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4205 | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Portal Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel UI Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4230 | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open_UI). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel UI Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4231 | Vulnerability in the Siebel Travel and Transportation component of Oracle Siebel CRM (subcomponent: Diary). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel Travel and Transportation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4250 | Vulnerability in the Siebel Core - Server OM Frwks component of Oracle Siebel CRM (subcomponent: Object Manager). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server OM Frwks accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Communications Applications
This table provides the text form of the Risk Matrix for Oracle Communications Applications.
| CVE Identifier | Description |
|---|---|
| CVE-2013-1741 | Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Security). Supported versions that are affected are 7.0.5.30.0 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Messaging Server accessible data as well as read access to a subset of Oracle Communications Messaging Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Messaging Server. Note: This fix also addresses CVE-2013-1620, CVE-2013-1739, CVE-2013-1740, CVE-2013-5605, CVE-2013-5606, CVE-2014-1490, CVE-2014-1491 and CVE-2014-1492. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Retail Applications
This table provides the text form of the Risk Matrix for Oracle Retail Applications.
| CVE Identifier | Description |
|---|---|
| CVE-2014-0114 | Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 8.0, 12.0, 12.0.9IN, 13.0, 13.1, 13.2, 13.3, 13.4 and 14.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Retail Back Office accessible data as well as read access to a subset of Oracle Retail Back Office accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Retail Back Office. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Java SE
This table provides the text form of the Risk Matrix for Oracle Java SE.
| CVE Identifier | Description |
|---|---|
| CVE-2014-2483 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE 7u60. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-2490 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE 7u60 and Java SE 8u5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-4208 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u60 and Java SE 8u5. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4209 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE 5.0u65, Java SE 6u75, Java SE 7u60 and Java SE 8u5. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4216 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE 5.0u65, Java SE 6u75, Java SE 7u60 and Java SE 8u5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-4218 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u65, Java SE 6u75, Java SE 7u60 and Java SE 8u5. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4219 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE 6u75, Java SE 7u60 and Java SE 8u5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-4220 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u60 and Java SE 8u5. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4221 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 7u60 and Java SE 8u5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4223 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE 7u60. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-4227 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u75, Java SE 7u60 and Java SE 8u5. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-4244 | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 5.0u65, Java SE 6u75, Java SE 7u60, Java SE 8u5, JRockit R27.8.2 and JRockit R28.3.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit accessible data as well as read access to a subset of Java SE, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4247 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE 8u5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-4252 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 5.0u65, Java SE 6u75, Java SE 7u60 and Java SE 8u5. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-4262 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u65, Java SE 6u75, Java SE 7u60 and Java SE 8u5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-4263 | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 5.0u65, Java SE 6u75, Java SE 7u60, Java SE 8u5, JRockit R27.8.2 and JRockit R28.3.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit accessible data as well as read access to a subset of Java SE, JRockit accessible data. Note: Applies to Diffie-Hellman key agreement in client and server deployment of Java. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4264 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 7u60 and Java SE 8u5. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client and server deployment of JSSE. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4265 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u75, Java SE 7u60 and Java SE 8u5. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4266 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE 7u60 and Java SE 8u5. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4268 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Swing). Supported versions that are affected are Java SE 5.0u65, Java SE 6u75, Java SE 7u60 and Java SE 8u5. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle and Sun Systems Products Suite
This table provides the text form of the Risk Matrix for Oracle and Sun Systems Products Suite.
| CVE Identifier | Description |
|---|---|
| CVE-2014-4215 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: CPU performance counters (CPC) drivers). Supported versions that are affected are 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2014-4224 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: sockfs). Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
| CVE-2014-4225 | Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Patch installation scripts). The supported version that is affected is 10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle Virtualization
This table provides the text form of the Risk Matrix for Oracle Virtualization.
| CVE Identifier | Description |
|---|---|
| CVE-2012-3544 | Vulnerability in the Sun Ray Software component of Oracle Virtualization (subcomponent: Apache Tomcat). The supported version that is affected is Sun Ray Software prior to 5.4.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Sun Ray Software. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2013-4286 | Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are 4.63, 4.71, 5.0 and 5.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop (SGD) accessible data as well as read access to a subset of Oracle Secure Global Desktop (SGD) accessible data. Note: This fix also addresses CVE-2013-4322, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099 and CVE-2014-0119. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-0033 | Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Apache Tomcat). The supported version that is affected is 4.63. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop (SGD) accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-0098 | Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Apache HTTP Server). Supported versions that are affected are 4.63, 4.71, 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop (SGD). Note: This fix also addresses CVE-2013-6438. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-0211 | Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: LibXfont). Supported versions that are affected are 4.63, 4.71, 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop (SGD) accessible data as well as read access to a subset of Oracle Secure Global Desktop (SGD) accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop (SGD). Note: This fix also addresses CVE-2014-0209 and CVE-2014-0210. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-0224 | Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: OpenSSL). Supported versions that are affected are 4.63, 4.71, 5.0 and 5.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop (SGD) accessible data as well as read access to a subset of Oracle Secure Global Desktop (SGD) accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop (SGD). Note: This fix also addresses CVE-2010-5298, CVE-2013-6449 and CVE-2013-6450, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221 and CVE-2014-3470. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-2477 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.26, 4.1.34, 4.2.26 and 4.3.12. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS Base Score 3.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
| CVE-2014-2486 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 and 4.3.12. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to all Oracle VM VirtualBox accessible data and ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS Base Score 3.0 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:P/A:P). (legend) [Advisory] |
| CVE-2014-2487 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 and 4.3.14. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies only when VirtualBox is running on a Windows host operating system. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
| CVE-2014-2488 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 and 4.3.12. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to all Oracle VM VirtualBox accessible data. CVSS Base Score 1.0 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
| CVE-2014-2489 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 and 4.3.12. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized takeover of Oracle VM VirtualBox possibly including arbitrary code execution within the Oracle VM VirtualBox. CVSS Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4228 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Graphics driver (WDDM) for Windows guests). Supported versions that are affected are VirtualBox prior to 4.1.34, 4.2.26 and 4.3.12. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as update, insert or delete access to some Oracle VM VirtualBox accessible data and read access to a subset of Oracle VM VirtualBox accessible data. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4232 | Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Workspace Web Application). Supported versions that are affected are 4.63, 4.71, 5.0 and 5.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop (SGD) accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4261 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 and 4.3.14. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies only when VirtualBox is running on a Windows host operating system. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
Text Form of Risk Matrix for Oracle MySQL
This table provides the text form of the Risk Matrix for Oracle MySQL.
| CVE Identifier | Description |
|---|---|
| CVE-2014-2484 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SRFTS). Supported versions that are affected are 5.6.17 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-2494 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: ENARC). Supported versions that are affected are 5.5.37 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4207 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SROPTZR). Supported versions that are affected are 5.5.37 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4214 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SRSP). Supported versions that are affected are 5.6.17 and earlier. Easily exploitable vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:M/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4233 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SRREP). Supported versions that are affected are 5.6.17 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4238 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SROPTZR). Supported versions that are affected are 5.6.17 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4240 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SRREP). Supported versions that are affected are 5.6.17 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data as well as read access to a subset of MySQL Server accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
| CVE-2014-4243 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: ENFED). Supported versions that are affected are 5.5.35 and earlier and 5.6.15 and earlier. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). (legend) [Advisory] |
| CVE-2014-4258 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SRINFOSC). Supported versions that are affected are 5.5.37 and earlier and 5.6.17 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
| CVE-2014-4260 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SRCHAR). Supported versions that are affected are 5.5.37 and earlier and 5.6.17 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 5.5 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:P). (legend) [Advisory] |