Oracle Critical Patch Update Advisory - April 2012 - DRAFT ORACLE CVRF Oracle Critical Patch Update Advisory CPUApr2012 Draft 1.0 1.0 2012-04-17T13:00:00-07:00 Initial Distribution 2012-04-17T13:00:00-07:00 2012-04-17T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html URL to html version of Advisory Alexander Kornbrust Red Database Security Andrea Micalizzi TippingPoint's Zero Day Initiative Brian Gorenc TippingPoint's Zero Day Initiative Dave Love Dave Love David Litchfield V3rity Edward Torkington Edward Torkington Esteban Martinez Fayo Application Security, Inc. Frank Stuart Frank Stuart G & W Laboratories TippingPoint's Zero Day Initiative Joxean Koret iSIGHT Partners Global Vulnerability Partnership Nathan Catlow Recx Peter Maklary LYNX Ltd. Pierre Ernst IBM Canada Roberto Suggi Liverani Security-Assessment.com Shrikant Antre Network Intelligence Sow Ching Shiong Secunia Research Stephen Kost Integrigy Vishal K Vishal K William Hay William Hay Oracle Database Version 10.2.0.3 Oracle Database Version 10.2.0.4 Oracle Database Version 10.2.0.5 Oracle Database Version 11.1.0.7 Oracle Database Version 11.2.0.2 Oracle Database Version 11.2.0.3 Oracle Spatial Version 10.2.0.3 Oracle Spatial Version 10.2.0.4 Oracle Spatial Version 10.2.0.5 Oracle Spatial Version 11.1.0.7 Oracle Spatial Version 11.2.0.2 Oracle Spatial Version 11.2.0.3 Application Express Version 4.0 Application Express Version 4.1 Oracle iStore Version 11.5.10.2 Oracle iStore Version 12.0.4 Oracle iStore Version 12.0.6 Oracle iStore Version 12.1.1 Oracle iStore Version 12.1.2 Oracle iStore Version 12.1.3 Oracle Application Object Library Version 12.0.6 Oracle Application Object Library Version 12.1.3 Oracle Applications Framework Version 12.1.3 Oracle Applications Technology Stack Version 12.0.6 Oracle Applications Technology Stack Version 12.1.3 Enterprise Manager for Oracle Database Version 10.2.0.5 Enterprise Manager Base Platform Version - Enterprise Manager Base Platform Version 10.2.0.5 Enterprise Manager Base Platform Version 11.1.0.1 Oracle FLEXCUBE Universal Banking Version 10.0.0 - 10.5.0 Oracle FLEXCUBE Universal Banking Version 11.0.0 - 11.2.0 Oracle FLEXCUBE Universal Banking Version 11.0.0 - 11.4.0 Oracle FLEXCUBE Direct Banking Version 5.0.2 Oracle FLEXCUBE Direct Banking Version 5.3.0 - 5.3.4 Oracle FLEXCUBE Direct Banking Version 6.0.1 Oracle FLEXCUBE Direct Banking Version 6.2.0 Oracle JDeveloper Version 10.1.3.5 BI Publisher (formerly XML Publisher) Version 10.1.3.4.1 BI Publisher (formerly XML Publisher) Version 10.1.3.4.2 Identity Manager Version 11.1.1.3 Identity Manager Version 11.1.1.5 Identity Manager Connector Version 9.1.0.4 Oracle Outside In Technology Version 8.3.5 Oracle Outside In Technology Version 8.3.7 Oracle JRockit Version 27.7.1 and before: JKD/JRE 5 and 6 Oracle JRockit Version 28.2.2 and before: JDK/JRE 5 and 6 Oracle WebCenter Forms Recognition Version 10.1.3.5 Siebel Life Sciences Version 7.7 Siebel Life Sciences Version 7.8 Siebel Life Sciences Version 8.0.0.x Siebel Life Sciences Version 8.1.1.x Siebel Life Sciences Version 8.2.2.x MySQL Server Version 5.1.60 and earlier MySQL Server Version 5.1.61 and earlier MySQL Server Version 5.5.19 and earlier MySQL Server Version 5.5.21 and earlier PeopleSoft Enterprise CRM Sales Version 9.1 PeopleSoft Enterprise FIN Receivables Version 9.0 PeopleSoft Enterprise FIN Receivables Version 9.1 PeopleSoft Enterprise HRMS Candidate Gateway Version 9.1 PeopleSoft Enterprise HRMS eCompensation Version 8.9 through Bundle #26 PeopleSoft Enterprise HRMS eCompensation Manager Desktop Version 9.0 PeopleSoft Enterprise HRMS Human Resources Version 9.1 Bundle #9 PeopleSoft Enterprise PT PeopleTools Version 8.50 PeopleSoft Enterprise PT PeopleTools Version 8.51 PeopleSoft Enterprise PT PeopleTools Version 8.52 PeopleSoft Enterprise PRTL Interaction Hub Version 9.1 PeopleSoft Enterprise SCM Billing Version 9.0 PeopleSoft Enterprise SCM Billing Version 9.1 PeopleSoft Enterprise SCM eProcurement Version 9.0 PeopleSoft Enterprise SCM eProcurement Version 9.1 Primavera P6 Enterprise Project Portfolio Management Version 6.2.1 Primavera P6 Enterprise Project Portfolio Management Version 8.0 Primavera P6 Enterprise Project Portfolio Management Version 8.1 Primavera P6 Enterprise Project Portfolio Management Version 8.2 Oracle GlassFish Server Version GlassFish Enterprise Server 3.1.1 Oracle iPlanet Web Server Version 7.0 Solaris Products Version 10 Solaris Products Version 11 Solaris Products Version 6.1 Solaris Products Version 6.2 Solaris Products Version 8 Solaris Products Version 9 Solaris Products Version XCP 1110 Solaris Products Version XCP 1110 and earlier Oracle Agile Product Data Management for Process Version 6.0.0 Oracle Agile Product Supplier Collaboration for Process Version 6.0.0 Oracle Agile New Product Development and Introduction for Process Version 6.0.0 Oracle AutoVue Office Version 20.0.2 Vulnerability in the Oracle Grid Engine component of Oracle Sun Products Suite (subcomponent: qrsh). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability allows successful authenticated network attacks via RSH. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Fix has been released CVE-2012-0208 P-8752V-6.1 P-8752V-6.2 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-6.1 P-8752V-6.2 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: Core-Base). Supported versions that are affected are 5.0.2 and 5.3.0 - 5.3.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0509 P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5 and 11.1.0.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data and ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). Fix has been released CVE-2012-0510 P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 Vulnerability in the OCI component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4 and 11.1.0.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some OCI accessible data as well as read access to a subset of OCI accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2012-0511 P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-11.1.0.7 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-11.1.0.7 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Enterprise Config Management). For supported versions that are affected see note. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Enterprise Manager Base Platform accessible data as well as read access to all Enterprise Manager Base Platform accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2012-0512 P-1370V-- 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1370V-- Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: REST Services). Supported versions that are affected are 12.0.6 and 12.1.3. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0513 P-510V-12.0.6 P-510V-12.1.3 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-510V-12.0.6 P-510V-12.1.3 Vulnerability in the PeopleSoft Enterprise CRM component of Oracle PeopleSoft Products (subcomponent: SEC). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0514 P-4895V-9.1 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-4895V-9.1 Vulnerability in the Identity Manager Connector component of Oracle Fusion Middleware (subcomponent: Database User). The supported version that is affected is 9.1.0.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Identity Manager Connector accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P+/A:N). Fix has been released CVE-2012-0515 P-1999V-9.1.0.4 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1999V-9.1.0.4 Vulnerability in the Oracle iPlanet Web Server component of Oracle Sun Products Suite (subcomponent: Administration Console). The supported version that is affected is 7.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle iPlanet Web Server possibly including arbitrary code execution within the Oracle iPlanet Web Server. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2012-0516 P-8543V-7.0 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8543V-7.0 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: eCompensation Manager Desktop). The supported version that is affected is 9.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-0517 P-5047V-9.0 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5047V-9.0 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create library, create procedure privileges for a successful attack. The supported version that is affected is 11.2.0.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The vulnerability affects Microsoft Windows platforms only. CVSS Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C). Fix has been released CVE-2012-0519 P-5V-11.2.0.2 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5V-11.2.0.2 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Security Framework). Supported versions that are affected are 10.2.0.5 and 11.1.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0520 P-1370V-10.2.0.5 P-1370V-11.1.0.1 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1370V-10.2.0.5 P-1370V-11.1.0.1 Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Human Resources). The supported version that is affected is 9.1 Bundle #9. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0521 P-5071V-9.1 Bundle #9 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5071V-9.1 Bundle #9 Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Java Business Objects). The supported version that is affected is 10.1.3.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle JDeveloper accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0522 P-807V-10.1.3.5 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-807V-10.1.3.5 Vulnerability in the Oracle Grid Engine component of Oracle Sun Products Suite (subcomponent: sgepasswd). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-0523 P-8752V-6.1 P-8752V-6.2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-6.1 P-8752V-6.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: File Processing). Supported versions that are affected are 8.50, 8.51 and 8.52. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data as well as read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.2 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:L/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-0524 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 3.2 AV:L/AC:L/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Enterprise Config Management). Supported versions that are affected are 10.2.0.5 and 11.1.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Enterprise Manager Base Platform accessible data as well as update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P+/I:P/A:N). Fix has been released CVE-2012-0525 P-1370V-10.2.0.5 P-1370V-11.1.0.1 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1370V-10.2.0.5 P-1370V-11.1.0.1 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Schema Management). The supported version that is affected is 10.2.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0526 P-1366V-10.2.0.5 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1366V-10.2.0.5 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Schema Management). The supported version that is affected is 10.2.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0527 P-1366V-10.2.0.5 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1366V-10.2.0.5 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Security Framework). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Fix has been released CVE-2012-0528 P-1370V-- 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1370V-- Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: core). The supported version that is affected is 8.51. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0529 P-5085V-8.51 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5085V-8.51 Vulnerability in the PeopleSoft Enterprise SCM component of Oracle PeopleSoft Products (subcomponent: eProcurement). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0530 P-5118V-9.0 P-5118V-9.1 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5118V-9.0 P-5118V-9.1 Vulnerability in the PeopleSoft Enterprise Portal component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise Portal accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0531 P-5090V-9.1 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5090V-9.1 Vulnerability in the Identity Manager component of Oracle Fusion Middleware (subcomponent: User Config Management). Supported versions that are affected are 11.1.1.3 and 11.1.1.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Identity Manager accessible data as well as read access to all Identity Manager accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2012-0532 P-1980V-11.1.1.3 P-1980V-11.1.1.5 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1980V-11.1.1.3 P-1980V-11.1.1.5 Vulnerability in the PeopleSoft Enterprise FCSM component of Oracle PeopleSoft Products (subcomponent: Receivables). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FCSM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0533 P-5021V-9.0 P-5021V-9.1 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5021V-9.0 P-5021V-9.1 Vulnerability in the RDBMS Core component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some RDBMS Core accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0534 P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Change Password Page). Supported versions that are affected are 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-0535 P-1745V-12.0.6 P-1745V-12.1.3 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1745V-12.0.6 P-1745V-12.1.3 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: eCompensation). The supported version that is affected is 8.9 through Bundle #26. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0536 P-5046V-8.9 through Bundle #26 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5046V-8.9 through Bundle #26 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: HTML pages). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Application Object Library accessible data as well as read access to all Oracle Application Object Library accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2012-0537 P-1472V-12.1.3 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1472V-12.1.3 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Search). Supported versions that are affected are 8.50, 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data as well as read access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2012-0538 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: bsmconv(1M), bsmunconv(1M)). Supported versions that are affected are 8, 9 and 10. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-0539 P-8752V-8 P-8752V-9 P-8752V-10 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-8 P-8752V-9 P-8752V-10 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: Core-My Services). Supported versions that are affected are 5.0.2, 5.3.0 - 5.3.4, 6.0.1 and 6.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0541 P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Runtime Catalog). Supported versions that are affected are 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iStore accessible data. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0542 P-384V-11.5.10.2 P-384V-12.0.4 P-384V-12.0.6 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-384V-11.5.10.2 P-384V-12.0.4 P-384V-12.0.6 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 10.1.3.4.1 and 10.1.3.4.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some BI Publisher (formerly XML Publisher) accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0543 P-1479V-10.1.3.4.1 P-1479V-10.1.3.4.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1479V-10.1.3.4.1 P-1479V-10.1.3.4.2 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 10.0.0 - 10.5.0 and 11.0.0 - 11.4.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0544 P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.4.0 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.4.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 10.0.0 - 10.5.0 and 11.0.0 - 11.2.0. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-0545 P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.2.0 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.2.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 10.0.0 - 10.5.0 and 11.0.0 - 11.2.0. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-0546 P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.2.0 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.2.0 Vulnerability in the SPARC Enterprise M Series Servers component of Oracle Sun Products Suite (subcomponent: XSCF Control Package (XCP)). Supported versions that are affected are XCP 1110 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of SPARC Enterprise M Series Servers accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-0548 P-8752V-XCP 1110 and earlier 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-XCP 1110 and earlier Vulnerability in the Oracle AutoVue Office component of Oracle Supply Chain Products Suite (subcomponent: Desktop API). The supported version that is affected is 20.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle AutoVue Office accessible data as well as read access to a subset of Oracle AutoVue Office accessible data and ability to cause a partial denial of service (partial DOS) of Oracle AutoVue Office. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-0549 P-4449V-20.0.2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-4449V-20.0.2 Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: Web Container). The supported version that is affected is GlassFish Enterprise Server 3.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some GlassFish Enterprise Server accessible data as well as read access to a subset of GlassFish Enterprise Server accessible data and ability to cause a partial denial of service (partial DOS) of GlassFish Enterprise Server. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-0550 P-8493V-GlassFish Enterprise Server 3.1.1 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8493V-GlassFish Enterprise Server 3.1.1 Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: Web Container). The supported version that is affected is GlassFish Enterprise Server 3.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some GlassFish Enterprise Server accessible data as well as read access to a subset of GlassFish Enterprise Server accessible data. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Fix has been released CVE-2012-0551 P-8493V-GlassFish Enterprise Server 3.1.1 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8493V-GlassFish Enterprise Server 3.1.1 Vulnerability in the Oracle Spatial component of Oracle Database Server. This vulnerability requires Create session, create index, alter index, create table privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Fix has been released CVE-2012-0552 P-619V-10.2.0.3 P-619V-10.2.0.4 P-619V-10.2.0.5 P-619V-11.1.0.7 P-619V-11.2.0.2 P-619V-11.2.0.3 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-619V-10.2.0.3 P-619V-10.2.0.4 P-619V-10.2.0.5 P-619V-11.1.0.7 P-619V-11.2.0.2 P-619V-11.2.0.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Image Export SDK). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Outside In Technology possibly including arbitrary code execution within the Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. In determining the CVSS score for this vulnerability we have assumed the hosting software exposes this functionality over the network without authentication. If this is not the case, the CVSS score could be much lower. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2012-0554 P-2276V-8.3.5 P-2276V-8.3.7 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Image Export SDK). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Outside In Technology possibly including arbitrary code execution within the Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. In determining the CVSS score for this vulnerability we have assumed the hosting software exposes this functionality over the network without authentication. If this is not the case, the CVSS score could be much lower. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2012-0555 P-2276V-8.3.5 P-2276V-8.3.7 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Image Export SDK). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Outside In Technology possibly including arbitrary code execution within the Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. In determining the CVSS score for this vulnerability we have assumed the hosting software exposes this functionality over the network without authentication. If this is not the case, the CVSS score could be much lower. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2012-0556 P-2276V-8.3.5 P-2276V-8.3.7 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Image Export SDK). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Outside In Technology possibly including arbitrary code execution within the Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. In determining the CVSS score for this vulnerability we have assumed the hosting software exposes this functionality over the network without authentication. If this is not the case, the CVSS score could be much lower. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2012-0557 P-2276V-8.3.5 P-2276V-8.3.7 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web application). Supported versions that are affected are 6.2.1, 8.0, 8.1 and 8.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0558 P-5579V-6.2.1 P-5579V-8.0 P-5579V-8.1 P-5579V-8.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5579V-6.2.1 P-5579V-8.0 P-5579V-8.1 P-5579V-8.2 Vulnerability in the PeopleSoft Enterprise SCM component of Oracle PeopleSoft Products (subcomponent: Billing). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise SCM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0559 P-5109V-9.0 P-5109V-9.1 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5109V-9.0 P-5109V-9.1 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0560 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0561 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0562 P-5043V-9.1 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5043V-9.1 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.50 and 8.51. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of PeopleSoft Enterprise PeopleTools possibly including arbitrary code execution within the PeopleSoft Enterprise PeopleTools. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:P+). Fix has been released CVE-2012-0564 P-5085V-8.50 P-5085V-8.51 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5085V-8.50 P-5085V-8.51 Vulnerability in the Oracle Agile component of Oracle Supply Chain Products Suite (subcomponent: Install). The supported version that is affected is 6.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Agile accessible data as well as read access to all Oracle Agile accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2012-0565 P-4448V-6.0.0 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-4448V-6.0.0 Vulnerability in the Oracle Agile component of Oracle Supply Chain Products Suite (subcomponent: Supplier Portal). The supported version that is affected is 6.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0566 P-4447V-6.0.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-4447V-6.0.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 10.0.0 - 10.5.0 and 11.0.0 - 11.2.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-0567 P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.2.0 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.2.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 10.0.0 - 10.5.0 and 11.0.0 - 11.4.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0571 P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.4.0 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.4.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 10.0.0 - 10.5.0 and 11.0.0 - 11.4.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-0573 P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.4.0 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.4.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 10.0.0 - 10.5.0 and 11.0.0 - 11.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-0575 P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.2.0 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.2.0 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: Core-Help). Supported versions that are affected are 6.0.1 and 6.2.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0576 P-9111V-6.0.1 P-9111V-6.2.0 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9111V-6.0.1 P-9111V-6.2.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 10.0.0 - 10.5.0 and 11.0.0 - 11.4.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Fix has been released CVE-2012-0577 P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.4.0 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.4.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 10.0.0 - 10.5.0 and 11.0.0 - 11.4.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0579 P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.4.0 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9052V-10.0.0 - 10.5.0 P-9052V-11.0.0 - 11.4.0 Vulnerability in the Oracle Agile PLM for Process component of Oracle Supply Chain Products Suite (subcomponent: Supplier Portal). The supported version that is affected is 6.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM for Process accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0580 P-4447V-6.0.0 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-4447V-6.0.0 Vulnerability in the Oracle Agile component of Oracle Supply Chain Products Suite (subcomponent: SCRM - Company Profiles). The supported version that is affected is 6.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0581 P-4445V-6.0.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-4445V-6.0.0 Vulnerability in the Siebel Clinical component of Oracle Industry Applications (subcomponent: Web UI). Supported versions that are affected are 7.7, 7.8, 8.0.0.x, 8.1.1.x and 8.2.2.x. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel Clinical accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0582 P-9173V-7.7 P-9173V-7.8 P-9173V-8.0.0.x P-9173V-8.1.1.x P-9173V-8.2.2.x 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9173V-7.7 P-9173V-7.8 P-9173V-8.0.0.x P-9173V-8.1.1.x P-9173V-8.2.2.x Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.1.60 and earlier and 5.5.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-0583 P-8478V-5.1.60 and earlier P-8478V-5.5.19 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8478V-5.1.60 and earlier P-8478V-5.5.19 and earlier Vulnerability in the Siebel Clinical component of Oracle Industry Applications (subcomponent: Web UI). Supported versions that are affected are 7.7, 7.8, 8.0.0.x, 8.1.1.x and 8.2.2.x. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel Clinical accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-1674 P-9173V-7.7 P-9173V-7.8 P-9173V-8.0.0.x P-9173V-8.1.1.x P-9173V-8.2.2.x 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9173V-7.7 P-9173V-7.8 P-9173V-8.0.0.x P-9173V-8.1.1.x P-9173V-8.2.2.x Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: Virtual Banking). Supported versions that are affected are 5.0.2, 5.3.0 - 5.3.4, 6.0.1 and 6.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1676 P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: Core-Base). Supported versions that are affected are 5.0.2, 5.3.0 - 5.3.4, 6.0.1 and 6.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-1679 P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/sockfs ). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-1681 P-8752V-8 P-8752V-9 P-8752V-10 P-8752V-11 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-8 P-8752V-9 P-8752V-10 P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: gssd(1M)). Supported versions that are affected are 8, 9, 10 and 11. Very difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:M/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:H/Au:M/C:C/I:C/A:C). Fix has been released CVE-2012-1683 P-8752V-8 P-8752V-9 P-8752V-10 P-8752V-11 5.9 AV:L/AC:H/Au:M/C:C/I:C/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-8 P-8752V-9 P-8752V-10 P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Password Policy). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:L/Au:S/C:P/I:P/A:P). Fix has been released CVE-2012-1684 P-8752V-8 P-8752V-9 P-8752V-10 P-8752V-11 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-8 P-8752V-9 P-8752V-10 P-8752V-11 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server DML). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-1688 P-8478V-5.1.61 and earlier P-8478V-5.5.21 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8478V-5.1.61 and earlier P-8478V-5.5.21 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-1690 P-8478V-5.1.61 and earlier P-8478V-5.5.21 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8478V-5.1.61 and earlier P-8478V-5.5.21 and earlier Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/Privileges). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). Fix has been released CVE-2012-1691 P-8752V-11 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: SCTP(7P)). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-1692 P-8752V-10 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-10 Vulnerability in the SPARC Enterprise M Series Servers component of Oracle Sun Products Suite (subcomponent: XSCF Control Package (XCP) ). The supported version that is affected is XCP 1110. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of SPARC Enterprise M Series Servers. CVSS Base Score 2.6 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-1693 P-8752V-XCP 1110 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-XCP 1110 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: libsasl(3LIB)). The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2012-1694 P-8752V-10 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-10 Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are 28.2.2 and before: JDK/JRE 5 and 6 and 27.7.1 and before: JKD/JRE 5 and 6. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Oracle released a Java SE Critical Patch Update on February 2012 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2012-1695 refers to the advisories that were applicable to JRockit from the Java SE Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all vulnerabilities addressed in JRockit under CVE-2012-1695 is as follows: CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2011-3563, CVE-2012-0501, and CVE-2011-5035. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-1695 P-5260V-28.2.2 and before: JDK/JRE 5 and 6 P-5260V-27.7.1 and before: JKD/JRE 5 and 6 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5260V-28.2.2 and before: JDK/JRE 5 and 6 P-5260V-27.7.1 and before: JKD/JRE 5 and 6 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-1696 P-8478V-5.5.19 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8478V-5.5.19 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Partition). Supported versions that are affected are 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-1697 P-8478V-5.5.21 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8478V-5.5.21 and earlier Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/GLD(7D)). The supported version that is affected is 11. Very difficult to exploit vulnerability allows successful authenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1698 P-8752V-11 2.1 AV:N/AC:H/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8752V-11 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2012-1703 P-8478V-5.1.61 and earlier P-8478V-5.5.21 and earlier 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-8478V-5.1.61 and earlier P-8478V-5.5.21 and earlier Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: Core-Base). Supported versions that are affected are 5.0.2, 5.3.0 - 5.3.4, 6.0.1 and 6.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1704 P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: Logging). Supported versions that are affected are 5.0.2, 5.3.0 - 5.3.4, 6.0.1 and 6.2.0. Easily exploitable vulnerability allows successful network attacks via File, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 4.7 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:M/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:M/C:P/I:P/A:N). Fix has been released CVE-2012-1706 P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 4.7 AV:N/AC:L/Au:M/C:P/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: Core-Base). Supported versions that are affected are 5.0.2, 5.3.0 - 5.3.4, 6.0.1 and 6.2.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1707 P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-9111V-5.0.2 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 Vulnerability in the Application Express component of Oracle Database Server. Supported versions that are affected are 4.0 and 4.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Application Express accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-1708 P-1348V-4.0 P-1348V-4.1 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-1348V-4.0 P-1348V-4.1 Vulnerability in the Oracle WebCenter Forms Recognition component of Oracle Fusion Middleware (subcomponent: Designer). The supported version that is affected is 10.1.3.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Forms Recognition accessible data as well as read access to a subset of Oracle WebCenter Forms Recognition accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Forms Recognition. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-1709 P-5746V-10.1.3.5 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5746V-10.1.3.5 Vulnerability in the Oracle WebCenter Forms Recognition component of Oracle Fusion Middleware (subcomponent: Designer). The supported version that is affected is 10.1.3.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Forms Recognition accessible data as well as read access to a subset of Oracle WebCenter Forms Recognition accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Forms Recognition. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-1710 P-5746V-10.1.3.5 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUApr2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html P-5746V-10.1.3.5