Text Form of Oracle Critical Patch Update - October 2011 Risk Matrices



This document provides the text form of the CPUOct2011 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUOct2011 Advisory.

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier: Description

CVE-2011-2301: Vulnerability in the Oracle Text component of Oracle Database Server. This vulnerability requires Execute on CTXSYS.DRVDISP privileges for a successful attack. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4 and 11.1.0.7. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS Base Score is 8.5 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.0, and the impacts for Confidentiality, Integrity and Availability are Partial+.

CVSS Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C).

CVE-2011-2322: Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires SYSDBA privileges for a successful attack. The supported version that is affected is 11.1.0.7. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data and ability to cause a partial denial of service (partial DOS) of Database Vault.

CVSS Base Score 3.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:P).

CVE-2011-3511: Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires Privileged Account privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data and ability to cause a partial denial of service (partial DOS) of Database Vault.

CVSS Base Score 3.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:P).

CVE-2011-3512: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create procedure, create table privileges for a successful attack. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Core RDBMS accessible data as well as read access to all Core RDBMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-3525: Vulnerability in the Application Express component of Oracle Database Server. This vulnerability requires APEX developer user privileges for a successful attack. Supported versions that are affected are 3.2 and 4.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Application Express possibly including arbitrary code execution within the Application Express.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier: Description

CVE-2011-2237: Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: WSM Console). Supported versions that are affected are 10.1.3.5.0 and 10.1.3.5.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Web Services Manager accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).

CVE-2011-2255: Vulnerability in the Oracle WebLogic Portal component of Oracle Fusion Middleware. Supported versions that are affected are 9.2.3.0, 10.0.1.0, 10.2.1.0 and 10.3.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Portal accessible data as well as read access to a subset of Oracle WebLogic Portal accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Portal.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

CVE-2011-2314: Vulnerability in the Oracle Containers for J2EE component of Oracle Fusion Middleware (subcomponent: JavaServer Pages). The supported version that is affected is 10.1.2.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Containers for J2EE accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-2318: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0 and 10.3.5.0. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS Base Score 1.5 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N).

CVE-2011-2319: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JMS). Supported versions that are affected are 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0 and 10.3.5.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

CVE-2011-2320: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0 and 10.3.5.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

CVE-2011-3192: Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware. Supported versions that are affected are 10.1.2.3 (Companion CD), 10.1.3.5 (Companion CD), 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server.

Note: Fixes for CVE-2011-3192 were distributed earlier in a Security Alert in September of this year. See the Alert for CVE-2011-3192 for more information.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

CVE-2011-3510: Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 11.1.1.3.0 and 11.1.1.5.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as read access to all Oracle Business Intelligence Enterprise Edition accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N).

CVE-2011-3523: Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: WSM Console). Supported versions that are affected are 10.1.3.5.0 and 10.1.3.5.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Web Services Manager accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).

CVE-2011-3541: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. Its privileges are controlled by the embedding technology. Depending on the hosting software, the CVSS score can be as high as 7.1 if the hosting software runs as root and passes data received over the network to Outside In Technology code.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P).

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier: Description

CVE-2011-2302: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Single Sign On). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-2303: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).

CVE-2011-2308: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Online Help). Supported versions that are affected are 12.0.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-3513: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: HTML Pages). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-3519: Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: REST Services). Supported versions that are affected are 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N).

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier: Description

CVE-2011-3532: Vulnerability in the Oracle Agile Product Supplier Collaboration for Process component of Oracle Supply Chain Products Suite (subcomponent: Supplier Portal). Supported versions that are affected are 5.2.2, 6.0.0.2, 6.0.0.3 and 6.0.0.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Supplier Collaboration for Process accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Text Form of Risk Matrix for Oracle PeopleSoft Products

This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier: Description

CVE-2011-2315: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.49, 8.50 and 8.51. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data as well as read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-3520: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Personalization). Supported versions that are affected are 8.49, 8.50 and 8.51. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 2.8 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:P/A:N).

CVE-2011-3527: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-3528: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: eProfile). The supported version that is affected is 8.9. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-3529: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Manager). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

CVE-2011-3530: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: eDevelopment). The supported version that is affected is 8.9. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

CVE-2011-3533: Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Job Profile Manager (JPM)). The supported version that is affected is 8.9. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

Text Form of Risk Matrix for Oracle Siebel CRM

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.

CVE Identifier: Description

CVE-2011-2316: Vulnerability in the Siebel Apps - Marketing component of Oracle Siebel CRM (subcomponent: Email Marketing). The supported version that is affected is 8.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel Apps - Marketing accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-3518: Vulnerability in the Siebel Core - UIF Client component of Oracle Siebel CRM (subcomponent: User Interface). The supported version that is affected is 8.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel Core - UIF Client accessible data as well as read access to a subset of Siebel Core - UIF Client accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

CVE-2011-3526: Vulnerability in the Siebel Core - UIF Server component of Oracle Siebel CRM (subcomponent: User Interface). Supported versions that are affected are 8.0.0 and 8.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Core - UIF Server accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

Text Form of Risk Matrix for Oracle Industry Applications

This table provides the text form of the Risk Matrix for Oracle Industry Applications.

CVE Identifier: Description

CVE-2011-2309: Vulnerability in the Health Sciences - Oracle Clinical, Remote Data Capture component of Oracle Industry Applications (subcomponent: RDC Help). Supported versions that are affected are 4.6 and 4.6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Health Sciences - Oracle Clinical, Remote Data Capture accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

CVE-2011-2323: Vulnerability in the Health Sciences - Oracle Thesaurus Management System component of Oracle Industry Applications (subcomponent: TMS Help). Supported versions that are affected are 4.6.1 and 4.6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Health Sciences - Oracle Thesaurus Management System accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Text Form of Risk Matrix for Oracle Sun Products Suite

This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.

CVE IdentifierDescription
CVE-2011-2286Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ZFS). Supported versions that are affected are 10 and 11 Express. Very difficult to exploit vulnerability allows successful authenticated network attacks via NFS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2292Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: xscreensaver). Supported versions that are affected are 9 and 11 Express. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data.

CVSS Base Score 2.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2304Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Network Services Library (libnsl(3LIB))). The supported version that is affected is 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2310Vulnerability in the Oracle Waveset component of Oracle Sun Products Suite (subcomponent: User Administration). Supported versions that are affected are 8.1.0 and 8.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Waveset accessible data as well as read access to a subset of Oracle Waveset accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Waveset.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2311Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ZFS). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2312Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ZFS). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2313Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ZFS). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:M/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2327Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Delegated Administrator). The supported version that is affected is 7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Unified accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-3506Vulnerability in the Oracle OpenSSO component of Oracle Sun Products Suite (subcomponent: Authentication). Supported versions that are affected are 7.1 and 8.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle OpenSSO accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-3507Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Messaging Server). The supported version that is affected is 7.0. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Unified accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-3508Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: LDAP library). Supported versions that are affected are 8, 9, 10 and 11 Express. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-3515Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Process File System (procfs)). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data.

CVSS Base Score 5.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:C). (legend) [Advisory]
CVE-2011-3517Vulnerability in the Oracle OpenSSO component of Oracle Sun Products Suite (subcomponent: Authentication). The supported version that is affected is 8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-3522Vulnerability in the SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade component of Oracle Sun Products Suite (subcomponent: Integrated Lights Out Manager CLI). The supported version that is affected is SysFW 8.0 for SPARC T3 based servers; see 1364156.1 for other servers. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade accessible data.

Note: CVE-2011-3522: Specific products affected are: SPARC T3-1, SPARC T3-1B, SPARC T3-4, Netra SPARC T3-1, Netra SPARC T3-1B, Sun Blade x6270, Sun Blade x6270 M2, Sun Blade X6275, Sun Blade X6275 M2, Sun Blade X6440 M2, Sun Blade X6450, Sun Fire X2270 M2, Sun Fire X2270, Sun Fire X4170 M2, Sun Fire X4170, Sun Fire X4270 M2, Sun Fire X4270, Sun Fire x4470 M2, Sun Fire x4470.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-3534Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Network Status Monitor (statd(1M))). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via RPC. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-3535Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Remote Quota Server (rquotad(1M))). Supported versions that are affected are 8, 9 ,10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via RPC. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-3536Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: DTrace Software Library (libdtrace(3LIB))). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-3537: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/Filesystem). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-3539: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Zones). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-3542: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/Performance Counter BackEnd Module (pcbe)). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-3543: Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: iSCSI DataMover(IDM)). The supported version that is affected is 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via iSCSI. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-3559: Vulnerability in the Oracle GlassFish Server component of Oracle Sun Products Suite (subcomponent: Web Container). Supported versions that are affected are Sailfin CS 2.0, 2.1.1, 3.0.1, 3.1.1, 8.1 and 8.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Linux

This table provides the text form of the Risk Matrix for Oracle Linux.

CVE Identifier: Description
CVE-2011-2306: Vulnerability in the Oracle Linux component of Oracle Linux (subcomponent: Oracle validated). Supported versions that are affected are 4 and 5. Easily exploitable vulnerability allows successful authenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Linux accessible data as well as read access to a subset of Oracle Linux accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier: Description
CVE-2011-3538: Vulnerability in the Sun Ray component of Oracle Virtualization (subcomponent: Authentication). The supported version that is affected is 4.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Sun Ray accessible data as well as read access to a subset of Sun Ray accessible data and ability to cause a partial denial of service (partial DOS) of Sun Ray.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]