Text Form of Oracle Critical Patch Update - January 2011 Risk Matrices



This document provides the text form of the CPUJan2011 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJan2011 Advisory.

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier: Description
CVE-2010-3590: Vulnerability in the Oracle Spatial component of Oracle Database Server. This vulnerability requires Execute on MDSYS procedures privileges for a successful attack. Supported versions that are affected are 10.2.0.4, 11.1.0.7 and 11.2.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Spatial accessible data as well as read access to all Oracle Spatial accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N).
CVE-2010-4413: Vulnerability in the Scheduler Agent component of Oracle Database Server. This vulnerability requires Valid User privileges for a successful attack. Supported versions that are affected are 11.1.0.7 and 11.2.0.1. Very difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Scheduler Agent accessible data as well as read access to a subset of Scheduler Agent accessible data and ability to cause a partial denial of service (partial DOS) of Scheduler Agent.

CVSS Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:M/C:P/I:P/A:P).
CVE-2010-4420: Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data as well as read access to a subset of Database Vault accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N).
CVE-2010-4421: Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data as well as read access to a subset of Database Vault accessible data and ability to cause a partial denial of service (partial DOS) of Database Vault.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2010-4423: Vulnerability in the Cluster Verify Utility component of Oracle Database Server. Supported versions that are affected are 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The vulnerability affects Microsoft Windows platforms only.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).


Text Form of Risk Matrix for Oracle Secure Backup

This table provides the text form of the Risk Matrix for Oracle Secure Backup.

CVE Identifier: Description
CVE-2009-3555: Vulnerability in the mod_ssl component of Oracle Secure Backup. The supported version that is affected is 10.3.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some mod_ssl accessible data and ability to cause a partial denial of service (partial DOS) of mod_ssl.

CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P).


Text Form of Risk Matrix for Oracle Audit Vault

This table provides the text form of the Risk Matrix for Oracle Audit Vault.

CVE Identifier: Description
CVE-2010-4449: Vulnerability in the Audit Vault component of Oracle Audit Vault. The supported version that is affected is 10.2.3.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS Base Score is 10.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial+.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).


Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier: Description
CVE-2010-3510: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Node Manager). Supported versions that are affected are 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2 and 10.3.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
CVE-2010-3574: Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are R27.6.7 and before: JRE/JDK 1.4.2 and 5 and 6; R28.0.1 and before: JRE/JDK 5 and 6. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Oracle released a Java Critical Patch Update in October 2010 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2010-3574 refers to the advisories that were applicable to JRockit from the Java Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all advisories addressed in JRockit under CVE-2010-3574 is as follows: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3559, CVE-2010-3561, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
CVE-2010-3588: Vulnerability in the Oracle Discoverer component of Oracle Fusion Middleware (subcomponent: EUL Code & Schema). Supported versions that are affected are 10.1.2.3, 11.1.1.2.0 and 11.1.1.3.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Discoverer accessible data as well as read access to a subset of Oracle Discoverer accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2010-3591: Vulnerability in the Oracle Document Capture component of Oracle Fusion Middleware (subcomponent: Internal Operations). Supported versions that are affected are 10.1.3.4 and 10.1.3.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).
CVE-2010-3592: Vulnerability in the Oracle Document Capture component of Oracle Fusion Middleware (subcomponent: Internal Operations). Supported versions that are affected are 10.1.3.4 and 10.1.3.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location and ability to cause a partial denial of service (partial DOS) of Oracle Document Capture.

CVSS Base Score 8.5 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:C/A:P).
CVE-2010-3595: Vulnerability in the Oracle Document Capture component of Oracle Fusion Middleware (subcomponent: Import Server). Supported versions that are affected are 10.1.3.4 and 10.1.3.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location.

CVSS Base Score 7.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N).
CVE-2010-3597: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Viewer SDK). The supported version that is affected is 8.3.0. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P).
CVE-2010-3598: Vulnerability in the Oracle Document Capture component of Oracle Fusion Middleware (subcomponent: Import Export Utility). Supported versions that are affected are 10.1.3.4 and 10.1.3.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location.

CVSS Base Score 7.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:C/A:N).
CVE-2010-3599: Vulnerability in the Oracle Document Capture component of Oracle Fusion Middleware (subcomponent: Import Server). Supported versions that are affected are 10.1.3.4 and 10.1.3.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location and Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 9.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:C/A:C).
CVE-2010-4416: Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2010-4417: Vulnerability in the Services for Beehive component of Oracle Fusion Middleware. Supported versions that are affected are 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1 and 2.0.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Services for Beehive possibly including arbitrary code execution within the Services for Beehive.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2010-4425: Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 10.1.3.3.2, 10.1.3.4.0 and 10.1.3.4.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).
CVE-2010-4427: Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 10.1.3.4.0, 10.1.3.4.1 and 11.1.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).
CVE-2010-4437: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Servlet Container). Supported versions that are affected are 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2 and 10.3.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data.

CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).
CVE-2010-4453: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Servlet Container). Supported versions that are affected are 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2 and 10.3.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2010-4455: Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Apache Plugin). Supported versions that are affected are 11.1.1.2 and 11.1.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data as well as read access to a subset of Oracle HTTP Server accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N).


Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier: Description
CVE-2010-3594: Vulnerability in the Real User Experience Insight component of Oracle Enterprise Manager Grid Control (subcomponent: Processing). The supported version that is affected is 6.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Real User Experience Insight accessible data as well as read access to all Real User Experience Insight accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N).
CVE-2010-3600: Vulnerability in the Client System Analyzer component of Oracle Enterprise Manager Grid Control. The supported version that is affected is 10.2.0.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Client System Analyzer possibly including arbitrary code execution within the Client System Analyzer.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).


Text Form of Risk Matrix for Oracle Applications

This table provides the text form of the Risk Matrix for Oracle Applications.

CVE Identifier: Description
CVE-2010-3587: Vulnerability in the Oracle Common Applications component of Oracle Applications (subcomponent: User Management). Supported versions that are affected are 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Common Applications accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2010-3589: Vulnerability in the Oracle Application Object Library component of Oracle Applications (subcomponent: Logout). Supported versions that are affected are 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data as well as read access to a subset of Oracle Application Object Library accessible data.

CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N).


Text Form of Risk Matrix for Oracle Supply Chain Products Suite

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier: Description
CVE-2010-3505: Vulnerability in the Agile Core component of Oracle Supply Chain Products Suite (subcomponent: Folders, Files & Attachments). Supported versions that are affected are 9.3.0.2 and 9.3.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Agile Core accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N).
CVE-2010-4429: Vulnerability in the Agile Core component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 9.3.0.2 and 9.3.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Agile Core accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).
CVE-2010-4432: Vulnerability in the Oracle Transportation Manager component of Oracle Supply Chain Products Suite (subcomponent: UI Infrastructure). Supported versions that are affected are 5.5.06, 6.0, 6.1 and 6.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Manager accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N).


Text Form of Risk Matrix for Oracle PeopleSoft and JDEdwards Suite

This table provides the text form of the Risk Matrix for Oracle PeopleSoft and JDEdwards Suite.

CVE Identifier: Description
CVE-2010-4418: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: PIA Core Technology). The supported version that is affected is 8.50.11 thru 8.50.15 and 8.51GA thru 8.51.05. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of PeopleSoft Enterprise PeopleTools possibly including arbitrary code execution within the PeopleSoft Enterprise PeopleTools.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2010-4419: Vulnerability in the PeopleSoft Enterprise CRM component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: Order Capture). Supported versions that are affected are 9.0 Bundle #31 and 9.1 Bundle #6. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise CRM accessible data as well as read access to a subset of PeopleSoft Enterprise CRM accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2010-4424: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: Security). Supported versions that are affected are 8.49.0 thru 8.49.29, 8.50.0 thru 8.50.14 and 8.51.0 thru 8.51.04. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2010-4426: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: PIA Core Technology). Supported versions that are affected are 8.49.0 thru 8.49.29, 8.50.0 thru 8.50.14 and 8.51.0 thru 8.51.04. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).
CVE-2010-4428: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: Absence Management). Supported versions that are affected are 9.0 Update 2010-F. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2010-4430: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: Absence Management). Supported versions that are affected are 9.1 Update 2010-F. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2010-4434: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: Portal). Supported versions that are affected are 8.50.0 thru 8.50.14 and 8.51.0 thru 8.51.04. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2010-4439: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: eProfile - Manager Desktop). Supported versions that are affected are 9.0 Bundle #14 and 9.1 Bundle #4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2010-4441: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: Talent Acquisition Manager). The supported version that is affected is 9.1 Bundle #4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2010-4445: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: Talent Acquisition Manager). Supported versions that are affected are 9.0 Bundle #14 and 9.1 Bundle #4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2010-4461: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft and JDEdwards Suite (subcomponent: ePerformance). Supported versions that are affected are 8.9 Bundle #23, 9.0 Bundle #14 and 9.1 Bundle #4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).


Text Form of Risk Matrix for Oracle Industry Applications

This table provides the text form of the Risk Matrix for Oracle Industry Applications.

CVE Identifier: Description
CVE-2009-4269: Vulnerability in the Health Sciences - InForm component of Oracle Industry Applications (subcomponent: Portal). Supported versions that are affected are 4.5, 4.6 and 5.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Health Sciences - InForm accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2010-3593: Vulnerability in the Health Sciences - Oracle Argus Safety component of Oracle Industry Applications (subcomponent: Login). Supported versions that are affected are 5.0, 5.0.1, 5.0.2 and 5.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via LDAP. Successful attack of this vulnerability can result in unauthorized takeover of Health Sciences - Oracle Argus Safety possibly including arbitrary code execution within the Health Sciences - Oracle Argus Safety.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).


Text Form of Risk Matrix for Oracle Sun Products Suite

This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.

CVE Identifier: Description
CVE-2010-1227: Vulnerability in the Sun Java System Communications Express component of Oracle Sun Products Suite (subcomponent: Web mail). Supported versions that are affected are 6.2 and 6.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Sun Java System Communications Express accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2010-2632: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: FTP Server). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via FTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).
CVE-2010-3586: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: XScreenSaver). The supported version that is affected is 9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N).
CVE-2010-4414: Vulnerability in the Oracle VM VirtualBox component of Oracle Sun Products Suite (subcomponent: Extensions). The supported version that is affected is 4.0. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C).
CVE-2010-4415: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: libc). Supported versions that are affected are 8, 9 and 10. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P).
CVE-2010-4431: Vulnerability in the Sun Java System Portal Server component of Oracle Sun Products Suite (subcomponent: Proxy). Supported versions that are affected are 7.1 and 7.2. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Sun Java System Portal Server accessible data.

CVSS Base Score 1.0 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:N/A:N).
CVE-2010-4433: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Driver). The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via Ethernet. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2010-4435: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: CDE Calendar Manager Service Daemon). Supported versions that are affected are 8, 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via RPC. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2010-4436: Vulnerability in the SunMC component of Oracle Sun Products Suite (subcomponent: Web Console). The supported version that is affected is 4.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of SunMC accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2010-4438: Vulnerability in the Sun GlassFish Enterprise Server, Sun Java System Message Queue component of Oracle Sun Products Suite (subcomponent: Java Message Service (JMS)). Supported versions that are affected are GlassFish 2.1, 2.1.1 and 3.0.1; Message Queue 4.1. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Sun GlassFish Enterprise Server, Sun Java System Message Queue accessible data and read access to a subset of Sun GlassFish Enterprise Server, Sun Java System Message Queue accessible data.

CVSS Base Score 5.7 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:P/A:C). (legend) [Advisory]
CVE-2010-4440: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11 Express. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.4 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2010-4442: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11 Express. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.4 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2010-4443: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/NFS). Supported versions that are affected are 10 and 11 Express. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2010-4444: Vulnerability in the Sun Java System Access Manager, Oracle OpenSSO component of Oracle Sun Products Suite (subcomponent: Multiple). Supported versions that are affected are 7, 7.1 and 8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Sun Java System Access Manager, Oracle OpenSSO accessible data as well as read access to a subset of Sun Java System Access Manager, Oracle OpenSSO accessible data and ability to cause a partial denial of service (partial DOS) of Sun Java System Access Manager, Oracle OpenSSO.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2010-4446: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/InfiniBand). The supported version that is affected is 11 Express. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.6 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2010-4456: Vulnerability in the Sun Java System Communications Express component of Oracle Sun Products Suite (subcomponent: Web Mail). Supported versions that are affected are 6.2 and 6.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Sun Java System Communications Express accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2010-4457: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: CIFS). The supported version that is affected is 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via SMB. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2010-4458: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ZFS). The supported version that is affected is 11 Express. Difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:M/C:N/I:N/A:C). (legend) [Advisory]
CVE-2010-4459: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/sockfs). The supported version that is affected is 11 Express. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.6 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2010-4460: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Fault Manager Daemon). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2010-4464: Vulnerability in the Sun Convergence component of Oracle Sun Products Suite (subcomponent: Webmail). The supported version that is affected is 1.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Sun Convergence accessible data as well as read access to a subset of Sun Convergence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Open Office Suite

This table provides the text form of the Risk Matrix for Oracle Open Office Suite.

CVE Identifier: Description
CVE-2010-2935: Vulnerability in the Oracle Open Office, StarOffice, StarSuite component of Oracle Open Office Suite (subcomponent: Microsoft PowerPoint Attachments). Supported versions that are affected are Open Office 3.2.1; StarOffice StarSuite 7 and 8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS Base Score is 9.3 when opening malicious attachments as root/administrator. The impacts for Confidentiality, Integrity and Availability are Complete. The CVSS Base Score is 6.8 when opening with limited privileges. The impacts for Confidentiality, Integrity and Availability are Partial+.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2010-2936: Vulnerability in the Oracle Open Office, StarOffice, StarSuite component of Oracle Open Office Suite (subcomponent: Microsoft PowerPoint Attachments). Supported versions that are affected are Open Office 3.2.1; StarOffice StarSuite 7 and 8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS Base Score is 9.3 when opening malicious attachments as root/administrator. The impacts for Confidentiality, Integrity and Availability are Complete. The CVSS Base Score is 6.8 when opening with limited privileges. The impacts for Confidentiality, Integrity and Availability are Partial+.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]