Text Form of Oracle Critical Patch Update - April 2011 Risk Matrices



This document provides the text form of the CPUApr2011 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUApr2011 Advisory.


Text Form of Risk Matrix for Oracle Database Server

 


This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier: Description

CVE-2011-0792: Vulnerability in the Oracle Warehouse Builder component of Oracle Database Server. This vulnerability requires Dimensional Data Modeling privileges for a successful attack. Supported versions that are affected are 10.2.0.5 (OWB) and 11.1.0.7. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Warehouse Builder possibly including arbitrary code execution within the Oracle Warehouse Builder.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

CVE-2011-0793: Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires SYSDBA privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.1. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data and ability to cause a partial denial of service (partial DOS) of Database Vault.

CVSS Base Score 3.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:P).

CVE-2011-0799: Vulnerability in the Oracle Warehouse Builder component of Oracle Database Server. This vulnerability requires Oracle Warehouse Builder User Account privileges for a successful attack. Supported versions that are affected are 10.2.0.5 (OWB), 11.1.0.7 and 11.2.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Warehouse Builder possibly including arbitrary code execution within the Oracle Warehouse Builder.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

CVE-2011-0804: Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires Valid Account privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1 and 11.2.0.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data as well as read access to a subset of Database Vault accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N).

CVE-2011-0805: Vulnerability in the UIX component of Oracle Database Server. Supported versions that are affected are 10.1.0.5, 10.2.0.4, 11.1.0.7 and 11.2.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some UIX accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-0806: Vulnerability in the Network Foundation component of Oracle Database Server. Supported versions that are affected are 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1 and 11.2.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Network Foundation.

Note: Applicable to Windows servers only.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Text Form of Risk Matrix for Oracle Fusion Middleware

 


This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier: Description

CVE-2009-3555: Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are 10.1.2.3, 10.1.3.5, 10.1.4.0.1, 10.1.4.3, 11.1.1.2.0 and 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Security Service accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Security Service.

CVSS Base Score 5.8 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P).

CVE-2009-3555: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Plugins for Apache, Sun and IIS web servers). Supported versions that are affected are 8.1.6, 9.2.3, 9.2.4, 10.0.2, 10.3.2, 10.3.3 and 10.3.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N).

CVE-2010-4452: Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are R27.6.8 and before: JRE/JDK 1.4.2 and 5 and 6; R28.1.1 and before: JRE/JDK 5 and 6. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Oracle released a Java Critical Patch Update in February 2011 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2010-4452 refers to the advisories that were applicable to JRockit from the Java Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all advisories addressed in JRockit under CVE-2010-4452 is as follows: CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4468, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473 and CVE-2010-4476.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

CVE-2011-0785: Vulnerability in the Oracle Help component of Oracle Fusion Middleware. For the supported versions that are affected, see the note below. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Help accessible data.

Note: Fixed in all supported Releases and Patchsets.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-0789: Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware. The supported version that is affected is 10.1.2.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-0794: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In File ID SDK). The supported version that is affected is 8.3.5.0. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Outside In Technology possibly including arbitrary code execution within the Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. Its privileges are controlled by the embedding technology. Depending on the hosting software, the CVSS score can be as high as 9.3 if the hosting software runs as root and passes data received over the network to Outside In Technology code.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

CVE-2011-0795: Vulnerability in the Single Sign On component of Oracle Fusion Middleware (subcomponent: Administration and Monitoring). The supported version that is affected is 10.1.2.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Single Sign On accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).

CVE-2011-0798: Vulnerability in the Portal component of Oracle Fusion Middleware (subcomponent: Midtier Infrastructure). Supported versions that are affected are 10.1.2.3 and 11.1.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Portal accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-0808: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.2.0 and 8.3.5.0. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Outside In Technology possibly including arbitrary code execution within the Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. Its privileges are controlled by the embedding technology. Depending on the hosting software, the CVSS score can be as high as 9.3 if the hosting software runs as root and passes data received over the network to Outside In Technology code.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control

 


This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier: Description

CVE-2011-0787: Vulnerability in the Application Service Level Management component of Oracle Enterprise Manager Grid Control (subcomponent: Service Level Agreements). For the supported versions that are affected, see the note below. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Application Service Level Management accessible data as well as read access to all Application Service Level Management accessible data.

Note: Fixed in all supported Releases and Patchsets.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

Text Form of Risk Matrix for Oracle E-Business Suite

 


This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier: Description

CVE-2011-0791: Vulnerability in the Application Object Library component of Oracle E-Business Suite (subcomponent: Data Export). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Application Object Library accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

CVE-2011-0796: Vulnerability in the Applications Install component of Oracle E-Business Suite. Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Applications Install accessible data.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N).

CVE-2011-0797: Vulnerability in the Applications Install component of Oracle E-Business Suite. Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Applications Install accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N).

CVE-2011-0809: Vulnerability in the Web ADI component of Oracle E-Business Suite. Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Web ADI accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

 


This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier: Description

CVE-2011-0837: Vulnerability in the Agile Technology Platform component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.0.2 and 9.3.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Agile Technology Platform accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Text Form of Risk Matrix for Oracle PeopleSoft Products

 


This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier: Description

CVE-2011-0826: Vulnerability in the PeopleSoft Enterprise component of Oracle PeopleSoft Products (subcomponent: Application Portal). Supported versions that are affected are 8.8 Bundle #13, 8.9 Bundle #7, 9.0 Bundle #7 and 9.1 Bundle #4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).

CVE-2011-0827: Vulnerability in the PeopleSoft Enterprise component of Oracle PeopleSoft Products (subcomponent: PeopleTools). Supported versions that are affected are 8.50 GA through 8.50.17 and 8.51 GA through 8.51.07. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).

CVE-2011-0828: Vulnerability in the PeopleSoft Enterprise component of Oracle PeopleSoft Products (subcomponent: Application Portal). The supported version that is affected is 8.8 Bundle #13. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-0840: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: File Processing). The supported version that is affected is 8.49 GA through 8.49.30. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

CVE-2011-0850: Vulnerability in the PeopleSoft Enterprise CRM component of Oracle PeopleSoft Products (subcomponent: Order Capture). The supported version that is affected is 8.9 Bundle #41. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise CRM accessible data as well as read access to a subset of PeopleSoft Enterprise CRM accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-0851: Vulnerability in the PeopleSoft Enterprise ELS component of Oracle PeopleSoft Products (subcomponent: Enterprise Learning Mgmt). Supported versions that are affected are 9.0 Bundle #19 and 9.1 Bundle #5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise ELS accessible data as well as read access to a subset of PeopleSoft Enterprise ELS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-0853: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: ePerformance). Supported versions that are affected are 9.0 Bundle #15 and 9.1 Bundle #5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-0854: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: ePerformance). The supported version that is affected is 9.1 Bundle #5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-0856: Vulnerability in the PeopleSoft Enterprise component of Oracle PeopleSoft Products (subcomponent: PeopleTools). Supported versions that are affected are 8.49 GA through 8.49.30, 8.50 GA through 8.50.17 and 8.51 GA through 8.51.07. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

CVE-2011-0857: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Pension Administration). Supported versions that are affected are 9.0 Bundle #15 and 9.1 Bundle #5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-0858: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Manager). Supported versions that are affected are 9.0 Bundle #15 and 9.1 Bundle #5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-0859: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Payroll for North America). Supported versions that are affected are 9.0 Tax Update 11-B and 9.1 Tax Update 11-B. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-0860: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Global Payroll - Spain). Supported versions that are affected are 9.0 Update 2011-B and 9.1 Update 20111-B. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-0861: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Global Payroll Core). Supported versions that are affected are 9.0 Update 2011-B and 9.1 Update 2011-B. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

Text Form of Risk Matrix for Oracle JD Edwards Products

 


This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.

CVE Identifier: Description

CVE-2011-0803: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JD Edwards EnterpriseOne Tools accessible data and ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools.

CVSS Base Score 5.8 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P).

CVE-2011-0810: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

CVE-2011-0818: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

CVE-2011-0819: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

CVE-2011-0823: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

CVE-2011-0824: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JD Edwards EnterpriseOne Tools accessible data as well as read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N).

CVE-2011-0825: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JD Edwards EnterpriseOne Tools accessible data as well as read access to a subset of JD Edwards EnterpriseOne Tools accessible data and ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

CVE-2011-0836: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). Supported versions that are affected are 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).

Text Form of Risk Matrix for Oracle Siebel CRM

 


This table provides the text form of the Risk Matrix for Oracle Siebel CRM.

CVE Identifier: Description

CVE-2011-0833: Vulnerability in the Siebel CRM Core component of Oracle Siebel CRM (subcomponent: UIF Client). Supported versions that are affected are 7.8.2, 8.0.0 and 8.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM Core accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-0834: Vulnerability in the Siebel CRM Core component of Oracle Siebel CRM (subcomponent: Globalization - Automotive). Supported versions that are affected are 8.0.0 and 8.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM Core accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-0843: Vulnerability in the Siebel CRM Core component of Oracle Siebel CRM (subcomponent: Globalization - Automotive). Supported versions that are affected are 7.8.2, 8.0.0 and 8.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM Core accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Text Form of Risk Matrix for Oracle Industry Applications

 


This table provides the text form of the Risk Matrix for Oracle Industry Applications.

CVE IdentifierDescription
CVE-2011-0855Vulnerability in the InForm component of Oracle Industry Applications (subcomponent: Core). Supported versions that are affected are 4.5, 4.6 and 5.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all InForm accessible data as well as read access to all InForm accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Sun Products Suite

This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.

CVE Identifier: Description
CVE-2010-4476: Vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component of Oracle Sun Products Suite (subcomponent: Bundled JDK). Supported versions that are affected are 6.1 and 7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iPlanet Web Server (Sun Java System Web Server).

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-0411: Vulnerability in the Sun Java System Messaging Server component of Oracle Sun Products Suite (subcomponent: SMTP Server, IMAP Server, POP Server). Supported versions that are affected are 6.3 and 7.0. Very difficult to exploit vulnerability allows successful authenticated network attacks via SMTP, IMAP, POP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to a subset of Sun Java System Messaging Server accessible data and ability to cause a partial denial of service (partial DOS) of Sun Java System Messaging Server.

CVSS Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:C/A:P). (legend) [Advisory]
CVE-2011-0412: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Packaging). Supported versions that are affected are 8, 9 and 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-0790: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: wbem). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-0800: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Administration Utilities). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:M/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-0801: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: cp). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-0807: Vulnerability in the Sun GlassFish Enterprise Server, Sun Java System Application Server component of Oracle Sun Products Suite (subcomponent: Administration). Supported versions that are affected are 2.1, 2.1.1, 3.0.1 and 9.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-0812: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 8, 9, 10 and 11 Express. Very difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 3.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:M/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-0813: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-0820: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11 Express. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SCTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 5.4 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-0821: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: uucp). Supported versions that are affected are 8, 9 and 10. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data.

CVSS Base Score 3.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-0829: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/SPARC). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-0839: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: LOFS). Supported versions that are affected are 9, 10 and 11 Express. Very difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 3.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:M/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-0841: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). The supported version that is affected is 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-0844: Vulnerability in the OpenSSO Enterprise, Sun Java System Access Manager component of Oracle Sun Products Suite (subcomponent: Authentication). Supported versions that are affected are 7.1 and 8.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some OpenSSO Enterprise, Sun Java System Access Manager accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-0846: Vulnerability in the Sun Java System Access Manager Policy Agent component of Oracle Sun Products Suite (subcomponent: Web Proxy Agent). The supported version that is affected is 2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun Java System Access Manager Policy Agent.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-0847: Vulnerability in the OpenSSO Enterprise, Sun Java System Access Manager component of Oracle Sun Products Suite (subcomponent: Authentication). Supported versions that are affected are 7.1 and 8.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of OpenSSO Enterprise, Sun Java System Access Manager accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-0849: Vulnerability in the Java Dynamic Management Kit component of Oracle Sun Products Suite (subcomponent: HTML Adaptor). The supported version that is affected is 5.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Dynamic Management Kit accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Open Office Suite

This table provides the text form of the Risk Matrix for Oracle Open Office Suite.

CVE Identifier: Description
CVE-2010-3450: Vulnerability in the Oracle Open Office, StarOffice, StarSuite component of Oracle Open Office Suite (subcomponent: Package Installation). The supported version that is affected is Open Office 3; StarOffice/StarSuite 8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location.

CVSS Base Score 7.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:C/A:N). (legend) [Advisory]
CVE-2010-3451: Vulnerability in the Oracle Open Office, StarOffice, StarSuite component of Oracle Open Office Suite (subcomponent: RTF Documents). Supported versions that are affected are Open Office 3; StarOffice/StarSuite 7 and 8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2010-3452: Vulnerability in the Oracle Open Office, StarOffice, StarSuite component of Oracle Open Office Suite (subcomponent: RTF Documents). Supported versions that are affected are Open Office 3; StarOffice/StarSuite 7 and 8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2010-3453: Vulnerability in the Oracle Open Office, StarOffice, StarSuite component of Oracle Open Office Suite (subcomponent: Microsoft Word Documents). Supported versions that are affected are Open Office 3; StarOffice/StarSuite 7 and 8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2010-3454: Vulnerability in the Oracle Open Office, StarOffice, StarSuite component of Oracle Open Office Suite (subcomponent: Microsoft Word Documents). Supported versions that are affected are Open Office 3; StarOffice/StarSuite 7 and 8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2010-3689: Vulnerability in the Oracle Open Office, StarOffice, StarSuite component of Oracle Open Office Suite (subcomponent: Start Scripts). The supported version that is affected is Open Office 3; StarOffice/StarSuite 8. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2010-4253: Vulnerability in the Oracle Open Office, StarOffice, StarSuite component of Oracle Open Office Suite (subcomponent: Microsoft PowerPoint Documents). Supported versions that are affected are Open Office 3; StarOffice/StarSuite 7 and 8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2010-4643: Vulnerability in the Oracle Open Office, StarOffice, StarSuite component of Oracle Open Office Suite (subcomponent: TGA file processing). Supported versions that are affected are Open Office 3; StarOffice/StarSuite 7 and 8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]