Text Form of Oracle Critical Patch Update - July 2011 Risk Matrices



This document provides the text form of the CPUJul2011 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJul2011 Advisory.

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier: Description
CVE-2011-0832: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.1 and 11.2.0.2. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).
CVE-2011-0835: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.1 and 11.2.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).
CVE-2011-0838: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create procedure privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.1 and 11.2.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).
CVE-2011-0880: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.1 and 11.2.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).
CVE-2011-2230: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2011-2231: Vulnerability in the XML Developer Kit component of Oracle Database Server. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via Various. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of XML Developer Kit.

Note: Patching the client is required to protect applications that make use of the XML Developer Kit. However, patching the server is sufficient to protect the database.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).
CVE-2011-2232: Vulnerability in the XML Developer Kit component of Oracle Database Server. This vulnerability requires Authenticated session privileges for a successful attack. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 11.1.0.7 and 11.2.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via Various. Successful attack of this vulnerability can result in unauthorized takeover of XML Developer Kit possibly including arbitrary code execution within the XML Developer Kit.

Note: Patching the client is required to protect applications that make use of the XML Developer Kit. However, patching the server is sufficient to protect the database.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).
CVE-2011-2238: Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires Execute on DBMS_SYS_SQL privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N).
CVE-2011-2239: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create library, Execute on package XMLSEQ_IMP_T privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1 and 11.2.0.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C).
CVE-2011-2240: Vulnerability in the Oracle Universal Installer component of Oracle Database Server. This vulnerability requires Access to filesystem privileges for a successful attack. The supported version that is affected is 10.1.0.5. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to all Oracle Universal Installer accessible data.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N).
CVE-2011-2242: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Local account and Database account with privilege to login to XML DB FTP privileges for a successful attack. Supported versions that are affected are 11.2.0.1 and 11.2.0.2. Difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Core RDBMS accessible data.

CVSS Base Score 1.3 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:M/C:P/I:N/A:N).
CVE-2011-2243: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session and trigger as SYSDBA privileges for a successful attack. Supported versions that are affected are 11.1.0.7.3, 11.2.0.1 and 11.2.0.2. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).
CVE-2011-2253: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires SYSDBA privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1 and 11.2.0.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C).

Text Form of Risk Matrix for Oracle Secure Backup

This table provides the text form of the Risk Matrix for Oracle Secure Backup.

CVE Identifier: Description
CVE-2011-2251: Vulnerability in the Oracle Secure Backup component of Oracle Secure Backup. The supported version that is affected is 10.3.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Backup accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-2252: Vulnerability in the Oracle Secure Backup component of Oracle Secure Backup. The supported version that is affected is 10.3.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Secure Backup accessible data as well as read access to all Oracle Secure Backup accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Backup.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2011-2261: Vulnerability in the Oracle Secure Backup component of Oracle Secure Backup. The supported version that is affected is 10.3.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: CVSS Score is 10.0 for Windows based installation. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier: Description
CVE-2010-1321: Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Security Toolkit). Supported versions that are affected are 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful authenticated network attacks via Kerberos. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C).
CVE-2011-0873: Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are R27.6.9 and before: JRE/JDK 1.4.2 and 5 and 6; R28.1.3 and before: JRE/JDK 5 and 6. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Oracle released a Java Critical Patch Update in June 2011 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2011-0873 refers to the advisories that were applicable to JRockit from the Java Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all advisories addressed in JRockit under CVE-2011-0873 is as follows: CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872 and CVE-2011-0873.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
CVE-2011-0883: Vulnerability in the Oracle Containers for J2EE component of Oracle Fusion Middleware (subcomponent: Servlet Runtime in OC4J). Supported versions that are affected are 10.1.2.3, 10.1.3.5, 10.1.4.0.1 and 10.1.4.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Containers for J2EE accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N).
CVE-2011-0884: Vulnerability in the Oracle BPEL Process Manager component of Oracle Fusion Middleware (subcomponent: BPEL Console). For supported versions that are affected see note. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BPEL Process Manager.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2011-2241: Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). Supported versions that are affected are 10.1.3.4.1 and 11.1.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2011-2264: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.2.0 and 8.3.5.0. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Outside In Technology possibly including arbitrary code execution within the Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. Its privileges are controlled by the embedding technology. Depending on the hosting software, the CVSS score can be as high as 9.3 if the hosting software runs as root and passes data received over the network to Outside In Technology code.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).
CVE-2011-2267: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.2.0 and 8.3.5.0. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. Its privileges are controlled by the embedding technology. Depending on the hosting software, the CVSS score can be as high as 7.1 if the hosting software runs as root and passes data received over the network to Outside In Technology code.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P).

Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier: Description
CVE-2011-0811: Vulnerability in the Enterprise Config Management component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location.

CVSS Base Score 4.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:N/A:N).
CVE-2011-0816: Vulnerability in the CMDB Metadata & Instance APIs component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all CMDB Metadata & Instance APIs accessible data as well as read access to all CMDB Metadata & Instance APIs accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2011-0822: Vulnerability in the Streams, AQ & Replication Mgmt component of Oracle Enterprise Manager Grid Control (subcomponent: None). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Streams, AQ & Replication Mgmt accessible data as well as read access to a subset of Streams, AQ & Replication Mgmt accessible data and ability to cause a partial denial of service (partial DOS) of Streams, AQ & Replication Mgmt.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2011-0830: Vulnerability in the Event Management component of Oracle Enterprise Manager Grid Control (subcomponent: Rules Management UI). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Event Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-0831: Vulnerability in the Enterprise Config Management component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Enterprise Config Management accessible data as well as read access to all Enterprise Config Management accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2011-0845: Vulnerability in the Database Control component of Oracle Enterprise Manager Grid Control (subcomponent: None). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Control accessible data as well as read access to a subset of Database Control accessible data and ability to cause a partial denial of service (partial DOS) of Database Control.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2011-0848: Vulnerability in the Security Framework component of Oracle Enterprise Manager Grid Control (subcomponent: User Model). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Security Framework accessible data as well as read access to a subset of Security Framework accessible data and ability to cause a partial denial of service (partial DOS) of Security Framework.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2011-0852: Vulnerability in the Security Management component of Oracle Enterprise Manager Grid Control (subcomponent: Audit Administration). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Security Management accessible data as well as read access to a subset of Security Management accessible data and ability to cause a partial denial of service (partial DOS) of Security Management.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2011-0870: Vulnerability in the Schema Management component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Schema Management accessible data as well as read access to a subset of Schema Management accessible data and ability to cause a partial denial of service (partial DOS) of Schema Management.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2011-0875: Vulnerability in the EMCTL component of Oracle Enterprise Manager Grid Control (subcomponent: None). For supported versions that are affected see note. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all EMCTL accessible data as well as read access to all EMCTL accessible data.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2011-0876: Vulnerability in the Enterprise Manager Console component of Oracle Enterprise Manager Grid Control (subcomponent: Security). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Console accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-0877: Vulnerability in the Instance Management component of Oracle Enterprise Manager Grid Control (subcomponent: None). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Instance Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-0879: Vulnerability in the Instance Management component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Instance Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-0881: Vulnerability in the EMCTL component of Oracle Enterprise Manager Grid Control (subcomponent: None). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some EMCTL accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-0882: Vulnerability in the Content Management component of Oracle Enterprise Manager Grid Control (subcomponent: Scheduler). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Content Management accessible data as well as read access to a subset of Content Management accessible data and ability to cause a partial denial of service (partial DOS) of Content Management.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2011-2244: Vulnerability in the Security Framework component of Oracle Enterprise Manager Grid Control (subcomponent: Authentication). Supported versions that are affected are 10.1.0.6, 10.2.0.5 and 11.1.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Security Framework accessible data as well as read access to a subset of Security Framework accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N).
CVE-2011-2248: Vulnerability in the SQL Performance Advisories/UIs component of Oracle Enterprise Manager Grid Control (subcomponent: SQL Details UI & Explain Plan). Supported versions that are affected are 10.1.0.6, 10.2.0.5 and 11.1.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SQL Performance Advisories/UIs accessible data as well as read access to a subset of SQL Performance Advisories/UIs accessible data and ability to cause a partial denial of service (partial DOS) of SQL Performance Advisories/UIs.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2011-2257: Vulnerability in the Database Target Type Menus component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6, 10.2.0.5 and 11.1.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Target Type Menus accessible data as well as read access to a subset of Database Target Type Menus accessible data and ability to cause a partial denial of service (partial DOS) of Database Target Type Menus.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier: Description
CVE-2011-2246: Vulnerability in the Business Intelligence component of Oracle E-Business Suite (subcomponent: Financials). Supported versions that are affected are 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Business Intelligence accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier: Description
CVE-2011-2273: Vulnerability in the Agile Core Technology component of Oracle Supply Chain Products Suite (subcomponent: Search). Supported versions that are affected are 9.3.0.3 and 9.3.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Agile Core Technology accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

Text Form of Risk Matrix for Oracle PeopleSoft Products

This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier: Description
CVE-2011-2250: Vulnerability in the PeopleSoft Enterprise FIN component of Oracle PeopleSoft Products (subcomponent: Receivables). Supported versions that are affected are 9.0 Bundle #36 and 9.1 Bundle #13. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise FIN accessible data as well as read access to a subset of PeopleSoft Enterprise FIN accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2011-2272: Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eProcurement). Supported versions that are affected are 9.0 Bundle #36 and 9.1 Bundle #13. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise FSCM accessible data as well as read access to a subset of PeopleSoft Enterprise FSCM accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2011-2274: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: None). Supported versions that are affected are 8.49.31, 8.50.20 and 8.51.11. Difficult to exploit vulnerability allows successful authenticated network attacks via Proprietary. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).
CVE-2011-2275: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: None). Supported versions that are affected are 8.49.31, 8.50.20 and 8.51.11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2277: Vulnerability in the PeopleSoft Enterprise SCM component of Oracle PeopleSoft Products (subcomponent: Purchasing). Supported versions that are affected are 9.0 Bundle #36 and 9.1 Bundle #13. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM accessible data as well as read access to a subset of PeopleSoft Enterprise SCM accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2278: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Manager). Supported versions that are affected are 8.9 Bundle #24, 9.0 Bundle #17 and 9.1 Bundle #6. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2279: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Manager). The supported version that is affected is 9.1 Bundle #6. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2280: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: None). Supported versions that are affected are 8.49.31, 8.50.20 and 8.51.11. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2281: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Global Payroll Core). The supported version that is affected is 8.9 Update 2011-D. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2282: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: None). Supported versions that are affected are 8.50.20 and 8.51.11. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2283: Vulnerability in the PeopleSoft Enterprise FMS component of Oracle PeopleSoft Products (subcomponent: Payables). Supported versions that are affected are 9.0 Bundle #36 and 9.1 Bundle #13. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise FMS accessible data as well as read access to a subset of PeopleSoft Enterprise FMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2284: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: ePerformance). The supported version that is affected is 9.0 Bundle #17. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Sun Products Suite

This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.

CVE Identifier: Description
CVE-2011-1511: Vulnerability in the Oracle GlassFish Server component of Oracle Sun Products Suite (subcomponent: Administration). Supported versions that are affected are 2.1.1 and 3.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: CVE-2011-1511: CVSS score is 10 for Windows platform. The score will be 7.5 on Linux or Solaris platform.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-2245: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: SSH). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2249: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9 and 10. Difficult to exploit vulnerability allows successful authenticated network attacks via TCP/IP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 5.2 (Availability impacts). CVSS V2 Vector: (AV:A/AC:M/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2258: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: rksh). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2259: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: UFS). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2260: Vulnerability in the Oracle GlassFish Server component of Oracle Sun Products Suite (subcomponent: Administration). The supported version that is affected is 2.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data as well as read access to a subset of Oracle GlassFish Server accessible data.

CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2263: Vulnerability in the SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series component of Oracle Sun Products Suite (subcomponent: Sun Integrated Lights Out Manager). The supported version that is affected is SysFW 8.0.3.b or earlier for SPARC T3 based servers; see 1334601.1 for other servers. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series accessible data.

Note: CVE-2011-2263: Specific products affected are: SPARC T3-1, SPARC T3-1B, SPARC T3-3, SPARC T3-4, Netra SPARC T3-1, Sun Blade X6250, Sun Blade x6270, Sun Blade x6270 M2, Sun Blade X6275, Sun Blade X6275 M2, Sun Blade X6440 M2, Sun Blade X6450, Sun Fire X2270 M2, Sun Fire X2270, Sun Fire X4170 M2, Sun Fire X4170, Sun Fire X4270 M2, Sun Fire X4270, Sun Fire X4275, Sun Fire x4470 M2, Sun Fire x4470, Sun Fire x4540.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2285: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Installer). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-2287: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: fingerd). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2288: Vulnerability in the SPARC T3 Series, SPARC Netra T3 Series component of Oracle Sun Products Suite (subcomponent: Sun Integrated Lights Out Manager (ILOM)). The supported version that is affected is SysFW 8.1.0.a. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: CVE-2011-2288: Specific products affected are: SPARC T3-1, SPARC T3-1B, SPARC T3-2, SPARC T3-4, Netra SPARC T3-1, Netra SPARC T3-1B.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-2289: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: LiveUpgrade). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 3.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2011-2290: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/sockfs). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2291: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Trusted Extensions). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2293: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Zones). The supported version that is affected is 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2294: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: SSH). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2295: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Driver/USB). Supported versions that are affected are 8, 9, 10 and 11 Express. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2296: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/SCTP). The supported version that is affected is 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2297: Vulnerability in the Oracle Solaris Cluster component of Oracle Sun Products Suite (subcomponent: Data Service for WebLogic Server). The supported version that is affected is 3.3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Oracle Solaris Cluster accessible data and read access to a subset of Oracle Solaris Cluster accessible data.

CVSS Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:C). (legend) [Advisory]
CVE-2011-2298: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: KSSL). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2299: Vulnerability in the SPARC Enterprise M Series component of Oracle Sun Products Suite (subcomponent: XSCF Control Package (XCP)). The supported version that is affected is XCP 1101 or earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SPARC Enterprise M Series accessible data as well as read access to a subset of SPARC Enterprise M Series accessible data and ability to cause a partial denial of service (partial DOS) of SPARC Enterprise M Series.

Note: CVE-2011-2299: Specific products affected are: SPARC Enterprise M3000, SPARC Enterprise M4000, SPARC Enterprise M5000, SPARC Enterprise M8000, SPARC Enterprise M9000.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2307: Vulnerability in the SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series component of Oracle Sun Products Suite (subcomponent: Sun Integrated Lights Out Manager (ILOM)). The supported version that is affected is SysFW 8.1.0.a for SPARC T3 based servers; see 1334601.1 for other servers. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series accessible data as well as read access to a subset of SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series accessible data and ability to cause a partial denial of service (partial DOS) of SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series.

Note: CVE-2011-2307: Specific products affected are: SPARC T3-1, SPARC T3-1B, SPARC T3-2, SPARC T3-4, Netra SPARC T3-1, Netra SPARC T3-1B, Sun Fire X4170 M2, Sun Fire X4270 M2, Sun Blade x6270 M2, Sun Fire x4470, Sun Fire x4470 M2.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]