Text Form of Oracle Critical Patch Update - January 2012 Risk Matrices



This document provides the text form of the CPUJan2012 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJan2012 Advisory

This page contains the following text format Risk Matrices:

 

Text Form of Risk Matrix for Oracle Database Server

 


This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE IdentifierDescription
CVE-2012-0072Vulnerability in the Listener component of Oracle Database Server. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Listener.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0082Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session privileges for a successful attack. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS as well as update, insert or delete access to some Core RDBMS accessible data.

Note: The fix for this vulnerability has a significant non-security component. It is recommended that customers review MOS document 1376995.1 to determine the urgency and best plan of action for applying the fix for this vulnerability.

CVSS Base Score 5.5 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:P). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Fusion Middleware

 


This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE IdentifierDescription
CVE-2011-3531Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: Web Services Security). Supported versions that are affected are 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Web Services Manager.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-3566Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.3, 10.3.4 and 10.3.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-3568Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: Web Services Security). Supported versions that are affected are 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Web Services Manager accessible data as well as read access to a subset of Oracle Web Services Manager accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-3569Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: Web Services Security). Supported versions that are affected are 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Web Services Manager accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-4516Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: JPEG 2000 Filter). Supported versions that are affected are 8.3.5 and 8.3.7. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Outside In Technology accessible data as well as read access to a subset of Oracle Outside In Technology accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code the CVSS score would increase to 6.8.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-4517Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: JPEG 2000 Filter). Supported versions that are affected are 8.3.5 and 8.3.7. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Outside In Technology accessible data as well as read access to a subset of Oracle Outside In Technology accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code the CVSS score would increase to 6.8.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2012-0077Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS-Console). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.3, 10.3.4 and 10.3.5. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0083Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Search). Supported versions that are affected are 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle WebCenter Content accessible data as well as read access to all Oracle WebCenter Content accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-0084Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4 and 11.1.1.5. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Content accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0085Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 7.5.2 and 10.1.3.5.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Content accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0110Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Image Export SDK). Supported versions that are affected are 8.3.5 and 8.3.7. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Outside In Technology accessible data as well as read access to a subset of Oracle Outside In Technology accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code the CVSS score would increase to 6.8.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle E-Business Suite

 


This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE IdentifierDescription
CVE-2011-2271Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0073Vulnerability in the Oracle Forms component of Oracle E-Business Suite (subcomponent: Oracle Forms). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Forms accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0078Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: REST Services (Menu, LOV)). Supported versions that are affected are 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

 


This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE IdentifierDescription
CVE-2011-3192Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 5.5.06, 6.0, 6.1 and 6.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Transportation Management.

Note: This fix addresses the security issue CVE-2011-3192, a denial of service vulnerability in Apache HTTPD, which is applicable to Oracle Transportation Management (OTM) products utilizing Apache 2.0 or 2.2. The National Vulnerability Database has reported a CVSS Base Score for this vulnerability of 7.8 indicating a complete Operating System denial of service (DOS); however a complete Operating System denial of service is not possible on any platform supported by Oracle, and as a result, Oracle has given the vulnerability a CVSS Base Score of 5.0 indicating a complete denial of service of the Oracle Transportation Management but not the Operating System. Other fixes for CVE-2011-3192 were distributed earlier in a Security Alert in September 2011.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle PeopleSoft Products

 


This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE IdentifierDescription
CVE-2012-0074Vulnerability in the PeopleSoft Enterprise CRM component of Oracle PeopleSoft Products (subcomponent: Sales). The supported version that is affected is 8.9. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise CRM accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0076Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: ePerformance). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-0080Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Management). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-0088Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Benefits Administration). Supported versions that are affected are 8.9, 9.0 and 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-0089Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: ePerformance). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-0091Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Upgrade Change Assistance). The supported version that is affected is 8.52.05. Very difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data and ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS Base Score 2.7 (Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:H/Au:M/C:N/I:P/A:P). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle JD Edwards Products

 


This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.

CVE IdentifierDescription
CVE-2011-2317Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastucture SEC (JDNET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2321Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDNET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2324Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful unauthenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2325Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2326Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-3509Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-3514Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-3524Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC (JDENET)). The supported version that is affected is 8.98. Easily exploitable vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Sun Products Suite

 


This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.

CVE IdentifierDescription
CVE-2011-3564Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: Administration). The supported version that is affected is GlassFish Enterprise Server 2.1.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of GlassFish Enterprise Server accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-3565Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Calendar Server). The supported version that is affected is 7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Unified accessible data as well as read access to a subset of Oracle Communications Unified accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified.

CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-3570Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Calendar Server). The supported version that is affected is 7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Unified accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-3573Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Calendar Server). The supported version that is affected is 7.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-3574Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Calendar Server). The supported version that is affected is 7.0. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Unified accessible data as well as read access to a subset of Oracle Communications Unified accessible data.

CVSS Base Score 3.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-5035Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: Web Container). Supported versions that are affected are Communications Server 2.0, GlassFish Enterprise Server 2.1.1, 3.0.1, 3.1.1, Sun Java System Application Server 8.1 and 8.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of GlassFish Enterprise Server.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0079Vulnerability in the Oracle OpenSSO component of Oracle Sun Products Suite (subcomponent: Administration). Supported versions that are affected are 7.1 and 8.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle OpenSSO accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0081Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: Administration). The supported version that is affected is GlassFish Enterprise Server 3.1.1. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of GlassFish Enterprise Server possibly including arbitrary code execution within the GlassFish Enterprise Server.

CVSS Base Score 3.7 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2012-0094Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 9, 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2012-0096Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Network). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via RPC. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0097Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ksh93 Shell). The supported version that is affected is 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-0098Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 8, 9, 10 and 11 Express. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0099Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: sshd). Supported versions that are affected are 9, 10 and 11 Express. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 2.6 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0100Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kerberos). Supported versions that are affected are 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2012-0103Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). The supported version that is affected is 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2012-0104Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: Web Container). Supported versions that are affected are GlassFish Enterprise Server 3.0.1 and 3.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of GlassFish Enterprise Server.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0109Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 3.6 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Virtualization

 


This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE IdentifierDescription
CVE-2011-3571Vulnerability in the Virtual Desktop Infrastructure (VDI) component of Oracle Virtualization (subcomponent: Session). The supported version that is affected is 3.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Virtual Desktop Infrastructure (VDI) accessible data as well as read access to a subset of Virtual Desktop Infrastructure (VDI) accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-0105Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Windows Guest Additions). The supported version that is affected is 4.1. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data as well as read access to a subset of Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox.

CVSS Base Score 3.7 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2012-0111Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folders). The supported version that is affected is 4.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data as well as read access to a subset of Oracle VM VirtualBox accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle MySQL

 


This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE IdentifierDescription
CVE-2011-2262Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0075Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x, 5.1.x and 5.5.x. Very difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data.

CVSS Base Score 1.7 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:M/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0087Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x and 5.1.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0101Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x and 5.1.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0102Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x and 5.1.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0112Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0113Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and read access to a subset of MySQL Server accessible data.

CVSS Base Score 5.5 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P). (legend) [Advisory]
CVE-2012-0114Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x, 5.1.x and 5.5.x. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to all MySQL Server accessible data as well as update, insert or delete access to some MySQL Server accessible data.

CVSS Base Score 3.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-0115Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0116Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data as well as update, insert or delete access to some MySQL Server accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-0117Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0118Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and read access to a subset of MySQL Server accessible data.

CVSS Base Score 4.9 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:P). (legend) [Advisory]
CVE-2012-0119Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0120Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0484Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x, 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-0485Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0486Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0487Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0488Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0489Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0490Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.0.x, 5.1.x and 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0491Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0492Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.1.x and 5.5.x. Very difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0493Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Very difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0494Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0495Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0496Vulnerability in the MySQL Server component of Oracle MySQL. The supported version that is affected is 5.5.x. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data as well as read access to a subset of MySQL Server accessible data.

CVSS Base Score 4.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:P/I:P/A:N). (legend) [Advisory]