Oracle Critical Patch Update Advisory - October 2012 - BETA ORACLE CVRF Oracle Critical Patch Update Advisory CPUOct2012 Final 1.0 1.0 2012-10-16T13:00:00-07:00 Initial Distribution 2012-10-16T13:00:00-07:00 2012-10-16T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1841212.xml http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html URL to html version of Advisory Alexandr Polyakov Digital Security Andy Yang Stratsec Research Dana Lane Taylor University of Pennsylvania, Office of Information Security Dominic Sim KPMG Management Consulting, Singapore Esteban Martinez Fayo Application Security, Inc. Florian Lukavsky SEC Consult Francis Provencher Secunia Research John Zimmerman Cisco Juan Manuel Pascual Escriba Open Source & Security Services Corp Martin Carpenter Citco Martin Rakhmanov Application Security, Inc. Microsoft Vulnerability Research Microsoft Corp Paul Harrington NGS Secure Pavel Toporkov Positive Technologies Ronnie Sahlberg Ronnie Sahlberg Sam Thomas Pentest Limited Sjoerd Resink Fox-IT Thomas Biege SUSE Travis Emmert Travis Emmert Travis Emmert Veracode Oracle Database Version 10.2.0.3 Oracle Database Version 10.2.0.4 Oracle Database Version 10.2.0.5 Oracle Database Version 11.1.0.7 Oracle Database Version 11.2.0.2 Oracle Database Version 11.2.0.3 PL/SQL Version 10.2.0.3 PL/SQL Version 10.2.0.4 PL/SQL Version 10.2.0.5 PL/SQL Version 11.1.0.7 PL/SQL Version 11.2.0.2 PL/SQL Version 11.2.0.3 Oracle Net Services Version 10.2.0.4 Oracle Net Services Version 10.2.0.5 Oracle Net Services Version 11.1.0.7 Oracle Net Services Version 11.2.0.2 Oracle Net Services Version 11.2.0.3 JDBC Version 10.2.0.3 JDBC Version 10.2.0.4 JDBC Version 10.2.0.5 JDBC Version 11.1.0.7 JDBC Version 11.2.0.2 Oracle iStore Version 11.5.10.2 Oracle iStore Version 12.0.6 Oracle iStore Version 12.1.1 Oracle iStore Version 12.1.2 Oracle iStore Version 12.1.3 Oracle Human Resources Version 11.5.10.2 Oracle Human Resources Version 12.0.6 Oracle Human Resources Version 12.1.1 Oracle Human Resources Version 12.1.2 Oracle Human Resources Version 12.1.3 Oracle Application Object Library Version 11.5.10.2 Oracle Field Service Version 12.1.3 Oracle Marketing Encyclopedia System Version 11.5.10.2 Oracle Marketing Encyclopedia System Version 12.0.6 Oracle Marketing Encyclopedia System Version 12.1.1 Oracle Marketing Encyclopedia System Version 12.1.2 Oracle Marketing Encyclopedia System Version 12.1.3 Oracle iRecruitment Version 11.5.10.2 Oracle iRecruitment Version 12.0.6 Oracle iRecruitment Version 12.1.1 Oracle iRecruitment Version 12.1.2 Oracle iRecruitment Version 12.1.3 Oracle Applications Framework Version 11.5.10.2 Oracle Applications Framework Version 12.0.6 Oracle Applications Framework Version 12.1.3 Oracle Applications Technology Stack Version 11.5.10.2 Oracle Applications Technology Stack Version 12.0.6 Oracle Applications Technology Stack Version 12.1.3 Oracle FLEXCUBE Universal Banking Version 10.0.0 Oracle FLEXCUBE Universal Banking Version 10.0.2 Oracle FLEXCUBE Universal Banking Version 10.1.0 Oracle FLEXCUBE Universal Banking Version 10.2.0 Oracle FLEXCUBE Universal Banking Version 10.2.2 Oracle FLEXCUBE Universal Banking Version 10.3.0 Oracle FLEXCUBE Universal Banking Version 10.5.0 Oracle FLEXCUBE Universal Banking Version 11.0.0 - 11.2.0 Oracle FLEXCUBE Universal Banking Version 11.0.0 - 11.4.0 Oracle FLEXCUBE Universal Banking Version 12.0.0 Oracle FLEXCUBE Direct Banking Version 12 Oracle FLEXCUBE Direct Banking Version 5.0.2 Oracle FLEXCUBE Direct Banking Version 5.0.5 Oracle FLEXCUBE Direct Banking Version 5.1.0 Oracle FLEXCUBE Direct Banking Version 5.2.0 Oracle FLEXCUBE Direct Banking Version 5.3.0 - 5.3.4 Oracle FLEXCUBE Direct Banking Version 6.0.1 Oracle FLEXCUBE Direct Banking Version 6.2.0 Oracle Reports Developer Version 11.1.1.4 Oracle Reports Developer Version 11.1.1.6 Oracle Reports Developer Version 11.1.2.0 Oracle Application Server Single Sign-On Version 10.1.4.3.0 BI Publisher (formerly XML Publisher) Version 10.1.3.4.2 BI Publisher (formerly XML Publisher) Version 10.3.4.2 BI Publisher (formerly XML Publisher) Version 11.1.1.5.0 BI Publisher (formerly XML Publisher) Version 11.1.1.6.0 BI Publisher (formerly XML Publisher) Version 11.1.1.6.2 Oracle Business Intelligence Enterprise Edition Version - Oracle Imaging and Process Management Version 10.1.3.6.0 Oracle Outside In Technology Version 8.3.7.0 Oracle Weblogic Server Version 10.0.2.0 Oracle Weblogic Server Version 10.3.5.0 Oracle Weblogic Server Version 10.3.6.0 Oracle Weblogic Server Version 12.1.1.0 Oracle Weblogic Server Version 9.2.4.0 Oracle JRockit Version 27.7.3 and before: JKD/JRE 5 Oracle JRockit Version 28.2.4 and before: JDK/JRE 5 and 6 Oracle Event Processing Version 11.1.1.4.0 Oracle Event Processing Version 11.1.1.6.0 Oracle Event Processing Version 2.0 Oracle WebCenter Sites Version 11.1.1.6.0 Oracle WebCenter Sites Version 6.1 Oracle WebCenter Sites Version 6.2 Oracle WebCenter Sites Version 6.3.x Oracle WebCenter Sites Version 7 Oracle WebCenter Sites Version 7.0.1 Oracle WebCenter Sites Version 7.0.2 Oracle WebCenter Sites Version 7.0.3 Oracle WebCenter Sites Version 7.5 Oracle WebCenter Sites Version 7.6.1 Oracle WebCenter Sites Version 7.6.2 Oracle Clinical RDC Option Version 4.6.0 Oracle Clinical RDC Option Version 4.6.2 Health Sciences Product Version 1.3 Health Sciences Product Version 1.4 Health Sciences Product Version 1.4.2 MySQL Server Version 5.1.63 and earlier MySQL Server Version 5.1.64 and earlier MySQL Server Version 5.1.65 and earlier MySQL Server Version 5.5.25 and earlier MySQL Server Version 5.5.26 and earlier MySQL Server Version 5.5.27 and earlier PeopleSoft Enterprise PT PeopleTools Version 8.50 PeopleSoft Enterprise PT PeopleTools Version 8.51 PeopleSoft Enterprise PT PeopleTools Version 8.52 PeopleSoft Enterprise CS Student Records Version 9.0 Siebel Documentation Version 8.1.1 Siebel UI Framework Version 8.1.1 Oracle GlassFish Server Version Oracle GlassFish Server 3.0.1 Oracle GlassFish Server Version Oracle GlassFish Server 3.1.2 Oracle GlassFish Server Version Sun GlassFish Enterprise Server 2.1.1 Oracle GlassFish Server Version Sun Java System Application Server 8.1 Oracle GlassFish Server Version Sun Java System Application Server 8.2 Solaris Products Version 10 Solaris Products Version 11 Solaris Products Version 8 Solaris Products Version 9 Solaris Products Version SysFW 8.2.0.a for SPARC T3 Solaris Products Version T4 based servers; see 1475188.1 for other servers Oracle Agile Product Data Management for Process Version 5.2.2 Oracle Agile Product Data Management for Process Version 6.0.0.6.3 Oracle Agile Product Data Management for Process Version 6.1.0.0 Oracle Agile Product Data Management for Process Version 6.1.0.1.14 Oracle Agile Product Supplier Collaboration for Process Version 5.2.2 Oracle Agile Product Supplier Collaboration for Process Version 6.1.0.0 Oracle Agile PLM Framework Version 9.3.1.0 Oracle Agile PLM Framework Version 9.3.1.1 Oracle VM VirtualBox Version 3.2 Oracle VM VirtualBox Version 4.0 Oracle VM VirtualBox Version 4.1 Oracle Secure Global Desktop Version 4.6 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WebLogic Security). Supported versions that are affected are 9.2.4.0, 10.0.2.0, 10.3.5.0, 10.3.6.0 and 12.1.1.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Fix has been released CVE-2011-1411 P-5242V-9.2.4.0 P-5242V-10.0.2.0 P-5242V-10.3.5.0 P-5242V-10.3.6.0 P-5242V-12.1.1.0 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5242V-9.2.4.0 P-5242V-10.0.2.0 P-5242V-10.3.5.0 P-5242V-10.3.6.0 P-5242V-12.1.1.0 Vulnerability in the Oracle Event Processing component of Oracle Fusion Middleware (subcomponent: Complex Event Processing System). Supported versions that are affected are 2.0, 11.1.1.4.0 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Event Processing accessible data as well as read access to a subset of Oracle Event Processing accessible data. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Fix has been released CVE-2011-1411 P-5370V-2.0 P-5370V-11.1.1.4.0 P-5370V-11.1.1.6.0 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5370V-2.0 P-5370V-11.1.1.4.0 P-5370V-11.1.1.6.0 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Imaging and Process Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0071 P-2273V-10.1.3.6.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2273V-10.1.3.6.0 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Imaging and Process Management accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0086 P-2273V-10.1.3.6.0 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2273V-10.1.3.6.0 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Imaging and Process Management accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0090 P-2273V-10.1.3.6.0 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2273V-10.1.3.6.0 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Imaging and Process Management accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-0092 P-2273V-10.1.3.6.0 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2273V-10.1.3.6.0 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Imaging and Process Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0093 P-2273V-10.1.3.6.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2273V-10.1.3.6.0 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Imaging and Process Management accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0095 P-2273V-10.1.3.6.0 2.1 AV:N/AC:H/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2273V-10.1.3.6.0 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Imaging and Process Management accessible data as well as read access to all Oracle Imaging and Process Management accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2012-0106 P-2273V-10.1.3.6.0 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2273V-10.1.3.6.0 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Imaging and Process Management. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-0107 P-2273V-10.1.3.6.0 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2273V-10.1.3.6.0 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Imaging and Process Management accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-0108 P-2273V-10.1.3.6.0 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2273V-10.1.3.6.0 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: CVE-2012-0217 only affects Solaris instances running on platforms other than SPARC. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-0217 P-8752V-10 P-8752V-11 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-10 P-8752V-11 Vulnerability in the Oracle Application Server Single Sign-On component of Oracle Fusion Middleware (subcomponent: Cookies/Tokens, Redirects). The supported version that is affected is 10.1.4.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Server Single Sign-On accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-0518 P-1318V-10.1.4.3.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-1318V-10.1.4.3.0 Vulnerability in the Secure Global Desktop component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is 4.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Secure Global Desktop accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-1685 P-8539V-4.6 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8539V-4.6 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Installation). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Business Intelligence Enterprise Edition accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-1686 P-2025V-- 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2025V-- Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create flashback archive privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:P+). Fix has been released CVE-2012-1751 P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 Vulnerability in the Oracle Clinical/Remote Data Capture component of Oracle Industry Applications (subcomponent: HTML Surround). Supported versions that are affected are 4.6.0 and 4.6.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Clinical/Remote Data Capture accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:N/A:N). Fix has been released CVE-2012-1763 P-1041V-4.6.0 P-1041V-4.6.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-1041V-4.6.0 P-1041V-4.6.2 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create table privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:P+). Fix has been released CVE-2012-3132 P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS Base Score is 10.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial+. <p> </br> For information, refer to Patching for CVE-2012-3137, <A HREF="http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1493990.1">My Oracle Support Note 1493990.1</a> </p> <p> In some configurations, client-side updates for Database, Enterprise Manager Grid Control, WebLogic Server and Fusion Middleware are recommended. For information on what patches need to be applied to your environments, refer to Critical Patch Update October 2012 Patch Availability Document for Oracle Products, <A HREF="http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1477727.1">My Oracle Support Note 1477727.1</a> </p>. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-3137 P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-3137 P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 P-5V-11.2.0.2 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5V-10.2.0.3 P-5V-10.2.0.4 P-5V-10.2.0.5 P-5V-11.1.0.7 P-5V-11.2.0.2 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-3137 P-972V-10.2.0.3 P-972V-10.2.0.4 P-972V-10.2.0.5 P-972V-11.1.0.7 P-972V-11.2.0.2 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-972V-10.2.0.3 P-972V-10.2.0.4 P-972V-10.2.0.5 P-972V-11.1.0.7 P-972V-11.2.0.2 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Web interface). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iStore accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3138 P-384V-11.5.10.2 P-384V-12.0.6 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-384V-11.5.10.2 P-384V-12.0.6 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Signon (local and SSO)). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3139 P-510V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-510V-11.5.10.2 Vulnerability in the Oracle Agile PLM For Process component of Oracle Supply Chain Products Suite (subcomponent: Supply Chain Relationship Mgmt). Supported versions that are affected are 6.0.0.6.3 and 6.1.0.1.14. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Agile PLM For Process accessible data as well as read access to a subset of Oracle Agile PLM For Process accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P+/A:N). Fix has been released CVE-2012-3140 P-4445V-6.0.0.6.3 P-4445V-6.1.0.1.14 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-4445V-6.0.0.6.3 P-4445V-6.1.0.1.14 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0 and 11.0.0 - 11.2.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-3141 P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.2.0 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.2.0 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.0.5, 5.1.0, 5.2.0 and 5.3.0 - 5.3.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3142 P-9111V-5.0.5 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9111V-5.0.5 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.5.26 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-3144 P-8478V-5.5.26 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.5.26 and earlier Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 - 5.3.4 and 6.2.0. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 1.5 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3145 P-9111V-5.0.2 P-9111V-5.0.5 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 P-9111V-6.2.0 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9111V-5.0.2 P-9111V-5.0.5 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 P-9111V-6.2.0 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create any directory privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data. CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-3146 P-11V-10.2.0.3 P-11V-10.2.0.4 P-11V-10.2.0.5 P-11V-11.1.0.7 P-11V-11.2.0.2 P-11V-11.2.0.3 2.1 AV:N/AC:H/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-11V-10.2.0.3 P-11V-10.2.0.4 P-11V-10.2.0.5 P-11V-11.1.0.7 P-11V-11.2.0.2 P-11V-11.2.0.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MySQL Client). Supported versions that are affected are 5.5.26 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data and ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). Fix has been released CVE-2012-3147 P-8478V-5.5.26 and earlier 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.5.26 and earlier Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP upload). The supported version that is affected is 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Field Service accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-3148 P-747V-12.1.3 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-747V-12.1.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MySQL Client). Supported versions that are affected are 5.5.26 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3149 P-8478V-5.5.26 and earlier 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.5.26 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.64 and earlier and 5.5.26 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-3150 P-8478V-5.1.64 and earlier P-8478V-5.5.26 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.1.64 and earlier P-8478V-5.5.26 and earlier Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Core RDBMS accessible data and ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. Note: The vulnerability affects Unix and Linux platforms only. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:P+/A:P+). Fix has been released CVE-2012-3151 P-115V-10.2.0.4 P-115V-10.2.0.5 P-115V-11.1.0.7 P-115V-11.2.0.2 P-115V-11.2.0.3 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-115V-10.2.0.4 P-115V-10.2.0.5 P-115V-11.1.0.7 P-115V-11.2.0.2 P-115V-11.2.0.3 Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Report Server Component). Supported versions that are affected are 11.1.1.4, 11.1.1.6 and 11.1.2.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Reports Developer accessible data as well as read access to all Oracle Reports Developer accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2012-3152 P-159V-11.1.1.4 P-159V-11.1.1.6 P-159V-11.1.2.0 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-159V-11.1.1.4 P-159V-11.1.1.6 P-159V-11.1.2.0 Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Servlet). Supported versions that are affected are 11.1.1.4, 11.1.1.6 and 11.1.2.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Reports Developer accessible data as well as read access to a subset of Oracle Reports Developer accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2012-3153 P-159V-11.1.1.4 P-159V-11.1.1.6 P-159V-11.1.2.0 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-159V-11.1.1.4 P-159V-11.1.1.6 P-159V-11.1.2.0 Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: ATTACH). The supported version that is affected is 9.3.1.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM Framework accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3154 P-4461V-9.3.1.0 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-4461V-9.3.1.0 Vulnerability in the Oracle GlassFish Server, Sun GlassFish Enterprise Server, Sun Java System Application Server component of Oracle Sun Products Suite (subcomponent: CORBA ORB). Supported versions that are affected are Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1, Oracle GlassFish Server 3.1.2, Sun Java System Application Server 8.1 and Sun Java System Application Server 8.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GlassFish Server, Sun GlassFish Enterprise Server, Sun Java System Application Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-3155 P-8493V-Sun GlassFish Enterprise Server 2.1.1 P-8493V-Oracle GlassFish Server 3.0.1 P-8493V-Oracle GlassFish Server 3.1.2 P-8493V-Sun Java System Application Server 8.1 P-8493V-Sun Java System Application Server 8.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8493V-Sun GlassFish Enterprise Server 2.1.1 P-8493V-Oracle GlassFish Server 3.0.1 P-8493V-Oracle GlassFish Server 3.1.2 P-8493V-Sun Java System Application Server 8.1 P-8493V-Sun Java System Application Server 8.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.5.25 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-3156 P-8478V-5.5.25 and earlier 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.5.25 and earlier Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 - 5.3.4, 6.0.1, 6.2.0 and 12. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-3157 P-9111V-5.0.2 P-9111V-5.0.5 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 P-9111V-12 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9111V-5.0.2 P-9111V-5.0.5 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 P-9111V-12 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Protocol). Supported versions that are affected are 5.1.64 and earlier and 5.5.26 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2012-3158 P-8478V-5.1.64 and earlier P-8478V-5.5.26 and earlier 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.1.64 and earlier P-8478V-5.5.26 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Installation). Supported versions that are affected are 5.1.65 and earlier and 5.5.27 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-3160 P-8478V-5.1.65 and earlier P-8478V-5.5.27 and earlier 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.1.65 and earlier P-8478V-5.5.27 and earlier Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: Web Client (CS)). The supported version that is affected is 9.3.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3161 P-4461V-9.3.1.1 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-4461V-9.3.1.1 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: MDS loading). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3162 P-1472V-11.5.10.2 P-1472V-12.0.6 P-1472V-12.1.3 1.7 AV:L/AC:L/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-1472V-11.5.10.2 P-1472V-12.0.6 P-1472V-12.1.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.64 and earlier and 5.5.26 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Fix has been released CVE-2012-3163 P-8478V-5.1.64 and earlier P-8478V-5.5.26 and earlier 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.1.64 and earlier P-8478V-5.5.26 and earlier Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Publish Item). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Marketing accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-3164 P-759V-11.5.10.2 P-759V-12.0.6 P-759V-12.1.1 P-759V-12.1.2 P-759V-12.1.3 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-759V-11.5.10.2 P-759V-12.0.6 P-759V-12.1.1 P-759V-12.1.2 P-759V-12.1.3 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: mailx(1)). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2012-3165 P-8752V-8 P-8752V-9 P-8752V-10 P-8752V-11 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-8 P-8752V-9 P-8752V-10 P-8752V-11 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.63 and earlier and 5.5.25 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-3166 P-8478V-5.1.63 and earlier P-8478V-5.5.25 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.1.63 and earlier P-8478V-5.5.25 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Full Text Search). Supported versions that are affected are 5.1.63 and earlier and 5.5.25 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-3167 P-8478V-5.1.63 and earlier P-8478V-5.5.25 and earlier 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.1.63 and earlier P-8478V-5.5.25 and earlier Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Autoconfig Templates). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-3171 P-1745V-11.5.10.2 P-1745V-12.0.6 P-1745V-12.1.3 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-1745V-11.5.10.2 P-1745V-12.0.6 P-1745V-12.1.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB Plugin). Supported versions that are affected are 5.1.63 and earlier and 5.5.25 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-3173 P-8478V-5.1.63 and earlier P-8478V-5.5.25 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.1.63 and earlier P-8478V-5.5.25 and earlier Vulnerability in the Oracle Application Server Single Sign-On component of Oracle Fusion Middleware (subcomponent: Cookies/Tokens, Redirects). The supported version that is affected is 10.1.4.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Server Single Sign-On accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3175 P-1318V-10.1.4.3.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-1318V-10.1.4.3.0 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Panel Processor). The supported version that is affected is 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-3176 P-5085V-8.52 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5085V-8.52 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.65 and earlier and 5.5.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2012-3177 P-8478V-5.1.65 and earlier P-8478V-5.5.27 and earlier 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.1.65 and earlier P-8478V-5.5.27 and earlier Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tree Manager). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-3179 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.65 and earlier and 5.5.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-3180 P-8478V-5.1.65 and earlier P-8478V-5.5.27 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.1.65 and earlier P-8478V-5.5.27 and earlier Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.50, 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Fix has been released CVE-2012-3181 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). The supported version that is affected is 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3182 P-5085V-8.52 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5085V-8.52 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-3183 P-9617V-6.1 P-9617V-6.2 P-9617V-6.3.x P-9617V-7 P-9617V-7.0.1 P-9617V-7.0.2 P-9617V-7.0.3 P-9617V-7.5 P-9617V-7.6.1 P-9617V-7.6.2 P-9617V-11.1.1.6.0 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9617V-6.1 P-9617V-6.2 P-9617V-6.3.x P-9617V-7 P-9617V-7.0.1 P-9617V-7.0.2 P-9617V-7.0.3 P-9617V-7.5 P-9617V-7.6.1 P-9617V-7.6.2 P-9617V-11.1.1.6.0 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3184 P-9617V-6.1 P-9617V-6.2 P-9617V-6.3.x P-9617V-7 P-9617V-7.0.1 P-9617V-7.0.2 P-9617V-7.0.3 P-9617V-7.5 P-9617V-7.6.1 P-9617V-7.6.2 P-9617V-11.1.1.6.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9617V-6.1 P-9617V-6.2 P-9617V-6.3.x P-9617V-7 P-9617V-7.0.1 P-9617V-7.0.2 P-9617V-7.0.3 P-9617V-7.5 P-9617V-7.6.1 P-9617V-7.6.2 P-9617V-11.1.1.6.0 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-3185 P-9617V-6.1 P-9617V-6.2 P-9617V-6.3.x P-9617V-7 P-9617V-7.0.1 P-9617V-7.0.2 P-9617V-7.0.3 P-9617V-7.5 P-9617V-7.6.1 P-9617V-7.6.2 P-9617V-11.1.1.6.0 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9617V-6.1 P-9617V-6.2 P-9617V-6.3.x P-9617V-7 P-9617V-7.0.1 P-9617V-7.0.2 P-9617V-7.0.3 P-9617V-7.5 P-9617V-7.6.1 P-9617V-7.6.2 P-9617V-11.1.1.6.0 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-3186 P-9617V-6.1 P-9617V-6.2 P-9617V-6.3.x P-9617V-7 P-9617V-7.0.1 P-9617V-7.0.2 P-9617V-7.0.3 P-9617V-7.5 P-9617V-7.6.1 P-9617V-7.6.2 P-9617V-11.1.1.6.0 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9617V-6.1 P-9617V-6.2 P-9617V-6.3.x P-9617V-7 P-9617V-7.0.1 P-9617V-7.0.2 P-9617V-7.0.3 P-9617V-7.5 P-9617V-7.6.1 P-9617V-7.6.2 P-9617V-11.1.1.6.0 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-3187 P-8752V-10 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-10 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.50 and 8.51. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-3188 P-5085V-8.50 P-5085V-8.51 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5085V-8.50 P-5085V-8.51 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: COMSTAR). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP(iSCSI). Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-3189 P-8752V-11 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-11 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Data Mover). Supported versions that are affected are 8.50, 8.51 and 8.52. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). Fix has been released CVE-2012-3191 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 10.3.4.2, 11.1.1.5.0,11.1.1.6.0 and 11.1.1.6.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3193 P-1479V-10.3.4.2 P-1479V-11.1.1.5.0 P-1479V-11.1.1.6.0 P-1479V-11.1.1.6.2 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-1479V-10.3.4.2 P-1479V-11.1.1.5.0 P-1479V-11.1.1.6.0 P-1479V-11.1.1.6.2 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0 and 11.1.1.6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3194 P-1479V-10.1.3.4.2 P-1479V-11.1.1.5.0 P-1479V-11.1.1.6.0 P-1479V-11.1.1.6.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-1479V-10.1.3.4.2 P-1479V-11.1.1.5.0 P-1479V-11.1.1.6.0 P-1479V-11.1.1.6.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.50, 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3195 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: PDF generation). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Human Resources accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS Base Score 6.4 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). Fix has been released CVE-2012-3196 P-507V-11.5.10.2 P-507V-12.0.6 P-507V-12.1.1 P-507V-12.1.2 P-507V-12.1.3 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-507V-11.5.10.2 P-507V-12.0.6 P-507V-12.1.1 P-507V-12.1.2 P-507V-12.1.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.64 and earlier and 5.5.26 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-3197 P-8478V-5.1.64 and earlier P-8478V-5.5.26 and earlier 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8478V-5.1.64 and earlier P-8478V-5.5.26 and earlier Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Fix has been released CVE-2012-3198 P-5085V-8.51 P-5085V-8.52 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5085V-8.51 P-5085V-8.52 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Gnome Trusted Extension). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-3199 P-8752V-10 P-8752V-11 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-10 P-8752V-11 Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: ROLESPRV). The supported version that is affected is 9.3.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM Framework accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3200 P-4461V-9.3.1.1 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-4461V-9.3.1.1 Vulnerability in the PeopleSoft Enterprise Campus Solutions component of Oracle PeopleSoft Products (subcomponent: Self-Service (Student Records)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise Campus Solutions accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3201 P-5182V-9.0 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5182V-9.0 Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are 28.2.4 and before: JDK/JRE 5 and 6 and 27.7.3 and before: JKD/JRE 5. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Oracle released a <a href="http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html">Java SE Critical Patch Update</a> on October 16, 2012 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2012-3202 refers to the advisories that are applicable to JRockit from the Java SE Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all vulnerabilities addressed in JRockit under CVE-2012-3202 is as follows: CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and CVE-2012-5085. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-3202 P-5260V-28.2.4 and before: JDK/JRE 5 and 6 P-5260V-27.7.3 and before: JKD/JRE 5 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-5260V-28.2.4 and before: JDK/JRE 5 and 6 P-5260V-27.7.3 and before: JKD/JRE 5 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Gnome Display Manager(GDM)). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-3203 P-8752V-11 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Power Management). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-3204 P-8752V-11 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Vino server). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3205 P-8752V-11 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-11 Vulnerability in the SPARC T3, Netra SPARC T3, SPARC T4, Netra SPARC T4 component of Oracle Sun Products Suite (subcomponent: Integrated Lights Out Manager CLI). Supported versions that are affected are SysFW 8.2.0.a for SPARC T3 and T4 based servers; see 1475188.1 for other servers. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of SPARC T3, Netra SPARC T3, SPARC T4, Netra SPARC T4 accessible data. Note: Specific products affected by CVE-2012-3206 are: SPARC T3-1, SPARC T3-2, SPARC T3-4, SPARC T3-1B, Netra SPARC T3-1, Netra SPARC T3-1B, SPARC T4-1, SPARC T4-2, SPARC T4-4, SPARC T4-1B, Netra SPARC T4-1, Netra SPARC T4-2, Netra SPARC T4-2B. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-3206 P-8752V-SysFW 8.2.0.a for SPARC T3 P-8752V-T4 based servers; see 1475188.1 for other servers 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-SysFW 8.2.0.a for SPARC T3 P-8752V-T4 based servers; see 1475188.1 for other servers Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-3207 P-8752V-9 P-8752V-10 P-8752V-11 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-9 P-8752V-10 P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/RCTL). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-3208 P-8752V-10 P-8752V-11 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-10 P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Logical Domain(LDOM)). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data. Note: CVE-2012-3209 and CVE-2012-3215 only affects Solaris on the SPARC platform. CVSS Base Score 5.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:C). Fix has been released CVE-2012-3209 P-8752V-10 P-8752V-11 5.6 AV:L/AC:L/Au:N/C:N/I:P/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-10 P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-3210 P-8752V-11 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/System Call). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.6 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2012-3211 P-8752V-10 P-8752V-11 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-10 P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). Note: CVE-2012-3212 affects only Solaris on SPARC T4 servers. CVSS Base Score 4.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-3212 P-8752V-10 P-8752V-11 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-10 P-8752V-11 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.3.7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3214 P-2276V-8.3.7.0 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2276V-8.3.7.0 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris accessible data. Note: CVE-2012-3209 and CVE-2012-3215 only affects Solaris on the SPARC platform. CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3215 P-8752V-10 P-8752V-11 1.7 AV:L/AC:L/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-10 P-8752V-11 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In HTML Export SDK). The supported version that is affected is 8.3.7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3217 P-2276V-8.3.7.0 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2276V-8.3.7.0 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In HTML Export SDK). The supported version that is affected is 8.3.7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3217 P-2276V-8.3.7.0 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-2276V-8.3.7.0 Vulnerability in the Oracle VM Virtual Box component of Oracle Virtualization (subcomponent: VirtualBox Core). Supported versions that are affected are 3.2, 4.0 and 4.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM Virtual Box. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-3221 P-8370V-3.2 P-8370V-4.0 P-8370V-4.1 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8370V-3.2 P-8370V-4.0 P-8370V-4.1 Vulnerability in the Oracle iRecruitment component of Oracle E-Business Suite (subcomponent: Signon (local only)). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle iRecruitment. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-3222 P-1193V-11.5.10.2 P-1193V-12.0.6 P-1193V-12.1.1 P-1193V-12.1.2 P-1193V-12.1.3 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-1193V-11.5.10.2 P-1193V-12.0.6 P-1193V-12.1.1 P-1193V-12.1.2 P-1193V-12.1.3 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 - 5.3.4 and 6.0.1. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3223 P-9111V-5.0.2 P-9111V-5.0.5 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 2.1 AV:N/AC:H/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9111V-5.0.2 P-9111V-5.0.5 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.1.0, 5.2.0 and 5.3.0 - 5.3.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3224 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.3.0 - 5.3.4. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-3225 P-9111V-5.3.0 - 5.3.4 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9111V-5.3.0 - 5.3.4 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0 and 11.0.0 - 11.2.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-3226 P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.2.0 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.2.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 - 11.4.0 and 12.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-3226 P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.4.0 P-9052V-12.0.0 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.4.0 P-9052V-12.0.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0 and 11.0.0 - 11.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-3227 P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.2.0 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.2.0 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 - 5.3.4, 6.0.1 and 6.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data and ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Direct Banking. CVSS Base Score 4.9 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:P). Fix has been released CVE-2012-3228 P-9111V-5.0.2 P-9111V-5.0.5 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 4.9 AV:N/AC:M/Au:S/C:N/I:P/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9111V-5.0.2 P-9111V-5.0.5 P-9111V-5.1.0 P-9111V-5.2.0 P-9111V-5.3.0 - 5.3.4 P-9111V-6.0.1 P-9111V-6.2.0 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Siebel Documentation). The supported version that is affected is 8.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3229 P-8962V-8.1.1 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8962V-8.1.1 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Portal Framework). The supported version that is affected is 8.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-3230 P-9011V-8.1.1 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9011V-8.1.1 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Web interface). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iStore accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-5058 P-384V-11.5.10.2 P-384V-12.0.6 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-384V-11.5.10.2 P-384V-12.0.6 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 - 11.4.0 and 12.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-5061 P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.4.0 P-9052V-12.0.0 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.4.0 P-9052V-12.0.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 - 11.4.0 and 12.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-5063 P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.4.0 P-9052V-12.0.0 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.4.0 P-9052V-12.0.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0 and 11.0.0 - 11.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-5064 P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.2.0 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9052V-10.0.0 P-9052V-10.0.2 P-9052V-10.1.0 P-9052V-10.2.0 P-9052V-10.2.2 P-9052V-10.3.0 P-9052V-10.5.0 P-9052V-11.0.0 - 11.2.0 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: ImagePicker). Supported versions that are affected are 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data. CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-5065 P-9617V-6.1 P-9617V-6.2 P-9617V-6.3.x P-9617V-7 P-9617V-7.0.1 P-9617V-7.0.2 P-9617V-7.0.3 P-9617V-7.5 P-9617V-7.6.1 P-9617V-7.6.2 P-9617V-11.1.1.6.0 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9617V-6.1 P-9617V-6.2 P-9617V-6.3.x P-9617V-7 P-9617V-7.0.1 P-9617V-7.0.2 P-9617V-7.0.3 P-9617V-7.5 P-9617V-7.6.1 P-9617V-7.6.2 P-9617V-11.1.1.6.0 Vulnerability in the Oracle Central Designer component of Oracle Industry Applications. Supported versions that are affected are 1.3, 1.4 and 1.4.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Central Designer accessible data as well as read access to all Oracle Central Designer accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Central Designer. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P+/I:P+/A:P). Fix has been released CVE-2012-5066 P-9132V-1.3 P-9132V-1.4 P-9132V-1.4.2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-9132V-1.3 P-9132V-1.4 P-9132V-1.4.2 Vulnerability in the Oracle Agile PLM for Process component of Oracle Supply Chain Products Suite (subcomponent: Document Reference Library). Supported versions that are affected are 5.2.2 and 6.1.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM for Process accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-5090 P-4445V-5.2.2 P-4445V-6.1.0.0 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-4445V-5.2.2 P-4445V-6.1.0.0 Vulnerability in the Oracle Agile Product Supplier Collaboration for Process component of Oracle Supply Chain Products Suite (subcomponent: Supplier Portal). Supported versions that are affected are 5.2.2 and 6.1.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Supplier Collaboration for Process accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-5091 P-4447V-5.2.2 P-4447V-6.1.0.0 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-4447V-5.2.2 P-4447V-6.1.0.0 Vulnerability in the Oracle Agile PLM for Process component of Oracle Supply Chain Products Suite (subcomponent: Supply Chain Relationship Mgmt). Supported versions that are affected are 5.2.2 and 6.1.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM for Process accessible data as well as read access to a subset of Oracle Agile PLM for Process accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-5092 P-4445V-5.2.2 P-4445V-6.1.0.0 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-4445V-5.2.2 P-4445V-6.1.0.0 Vulnerability in the Oracle Agile PLM for Process component of Oracle Supply Chain Products Suite (subcomponent: Global Spec Management). Supported versions that are affected are 5.2.2 and 6.1.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM for Process accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-5093 P-4445V-5.2.2 P-4445V-6.1.0.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-4445V-5.2.2 P-4445V-6.1.0.0 Vulnerability in the Oracle Agile PLM for Process component of Oracle Supply Chain Products Suite (subcomponent: User Group Management). Supported versions that are affected are 5.2.2 and 6.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM for Process accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-5094 P-4445V-5.2.2 P-4445V-6.1.0.0 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-4445V-5.2.2 P-4445V-6.1.0.0 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: inetd(1M)). The supported version that is affected is 10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-5095 P-8752V-10 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P CPUOct2012 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html P-8752V-10