Oracle Critical Patch Update Advisory - July 2018 - Oracle CVRF Oracle Critical Patch Update Advisory CPUJul2018 Final 7.0 7.0 2018-09-18T13:00:00-07:00 Updated credit for CVE-2018-2996. 2018-07-17T13:00:00-07:00 2018-09-18T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/4703578.xml https://www.oracle.com/security-alerts/cpujul2018.html URL to html version of Advisory Adam Willard Adam Willard Add of MeePwn working with Trend Micro's Zero Day Initiative Amin Moralic Pure Hacking André Lenoir Tehtris Anil Tom Anil Tom Anonymous researcher working with Trend Micro's Zero Day Initiative Badcode Knownsec 404 Team Bartłomiej Stasiek Bartłomiej Stasiek Behzad Najjarpour Jabbari, Secunia Research at Flexera Software Elif Zehra Karabiber Zhong Zhaochen Cedric Zirtacic Cedric Zirtacic Cem Onat Karagun Cem Onat Karagun 0c0c0f Daniel Bleichenbacher of Google David Litchfield Apple Denis Andzakovic Pulse Security Dmitry Ivanov Dmitry Ivanov Fabio Pires NCC Group Faizal Hasanwala Faizal Hasanwala Gregory Draperi Gregory Draperi Gregory Smiley Security Compass Jackson Thuraisamy formerly of Security Compass Jakub Palaczynski ING Services Polska Jamal Elfitory Jayesh Patel Jayesh Patel Jayson Grace Sandia National Laboratories Jim LaValley, Towerwall, Inc. John Beeson Baker Hughes, a GE Company Jose Carlos Exposito Bueno Kerem TAMCI Jacob 'kobsoN' Hazak Krisorn Phochalam Krisorn Phochalam Liao Xinxi NSFOCUS Security Team Lilei Venustech ADLab Linpei Sheng 360 Enterprise Security Group Lukasz Plonka ING Services Polska Marcin Wołoszyn ING Services Polska Mathew Nash NCC Group Matthew E. Fulton Matthew E. Fulton Matthew Fulton Pure Hacking Mingxuan Song CNCERT Mushraf Mustafa Mushraf Mustafa Nalla Muthu Nalla Muthu Nick Marcoccio @1oopho1e Nicolas Verdier Tehtris Niklas Baumstark working with Trend Micro's Zero Day Initiative Omkar Avasthi Hermit Wolf Pawan Patil Electronic Arts Pawel Gocyla Pawel Gocyla Rich Mirch Rich Mirch Richard Cocks Richard Cocks Rick Ramgattie Rick Ramgattie Neil Kettle of Trustwave Spiderlabs Root Object working with Trend Micro's Zero Day Initiative Sara Badran Sara Badran Dario Weißer Lokesh Sharma Sidney Markowitz Sidney Markowitz Thomas Barabosch Fraunhofer FKIE TrendyTofu working with Trend Micro's Zero Day Initiative Viral Bhatt Viral Bhatt Vishakh B Vismit Rakhecha Vismit Rakhecha Xu Yuanzhen of Alibaba Cloud Security Team Youssef A. Mohamed aka GeneralEG re4lity Polaris Lab Communications Network Charging and Control Version 4.4.1.5.0 Communications Network Charging and Control Version 5.0.0.1.0 Communications Network Charging and Control Version 5.0.0.2.0 Communications Network Charging and Control Version 5.0.1.0.0 Communications Network Charging and Control Version 5.0.2.0.0 Communications Convergence Version 3.x Communications Session Border Controller Version ECz7.x Communications Session Border Controller Version ECz8.x Communications Interactive Session Recorder Version 5.x Communications Interactive Session Recorder Version 6.x Communications Diameter Signaling Router (DSR) Version 7.x Communications Diameter Signaling Router (DSR) Version 8.x Communications Policy Management Version 12.x Communications User Data Repository Version 10.x Communications User Data Repository Version 12.x Communications EAGLE LNP Application Processor Version 10.x Primavera P6 Enterprise Project Portfolio Management Version 15.x Primavera P6 Enterprise Project Portfolio Management Version 16.x Primavera P6 Enterprise Project Portfolio Management Version 17.x Primavera P6 Enterprise Project Portfolio Management Version 8.4 Primavera Unifier Version 16.x Primavera Unifier Version 17.x Primavera Unifier Version 18.x Oracle Database Version 11.2.0.4 Oracle Database Version 12.1.0.2 Oracle Database Version 12.2.0.1 Oracle Database Version 18.1 Oracle Database Version 18.2 Spatial and Graph Version 12.2.0.1 Spatial and Graph Version 18.1 Applications Manager Version 12.1.3 Applications Manager Version 12.2.3 Applications Manager Version 12.2.4 Applications Manager Version 12.2.5 Applications Manager Version 12.2.6 Applications Manager Version 12.2.7 Marketing Version 12.1.1 Marketing Version 12.1.2 Marketing Version 12.1.3 Marketing Version 12.2.3 Marketing Version 12.2.4 Marketing Version 12.2.5 Marketing Version 12.2.6 Marketing Version 12.2.7 iStore Version 12.1.1 iStore Version 12.1.2 iStore Version 12.1.3 iStore Version 12.2.3 iStore Version 12.2.4 iStore Version 12.2.5 iStore Version 12.2.6 iStore Version 12.2.7 Scripting Version 12.1.1 Scripting Version 12.1.2 Scripting Version 12.1.3 Order Management Version 12.1.1 Order Management Version 12.1.2 Order Management Version 12.1.3 Order Management Version 12.2.3 Order Management Version 12.2.4 Order Management Version 12.2.5 Order Management Version 12.2.6 Order Management Version 12.2.7 Application Object Library Version 12.1.3 Trade Management Version 12.1.1 Trade Management Version 12.1.2 Trade Management Version 12.1.3 Trade Management Version 12.2.3 Trade Management Version 12.2.4 Trade Management Version 12.2.5 Trade Management Version 12.2.6 Trade Management Version 12.2.7 CRM Technical Foundation Version 12.1.1 CRM Technical Foundation Version 12.1.2 CRM Technical Foundation Version 12.1.3 CRM Technical Foundation Version 12.2.3 CRM Technical Foundation Version 12.2.4 CRM Technical Foundation Version 12.2.5 CRM Technical Foundation Version 12.2.6 CRM Technical Foundation Version 12.2.7 One-to-One Fulfillment Version 12.1.1 One-to-One Fulfillment Version 12.1.2 One-to-One Fulfillment Version 12.1.3 One-to-One Fulfillment Version 12.2.3 One-to-One Fulfillment Version 12.2.4 One-to-One Fulfillment Version 12.2.5 One-to-One Fulfillment Version 12.2.6 One-to-One Fulfillment Version 12.2.7 Enterprise Manager for Oracle Database Version 12.1.0.8 Enterprise Manager for Oracle Database Version 13.2.2 Enterprise Manager for Fusion Middleware Version 12.1.0.5 Enterprise Manager for Fusion Middleware Version 13.2.x Enterprise Manager Base Platform Version 12.1.0.5 Enterprise Manager Base Platform Version 13.2.x Enterprise Manager for Peoplesoft Version 13.1.1.1 Enterprise Manager for Peoplesoft Version 13.2.1.1 Application Testing Suite Version 10.1 Enterprise Manager for Virtualization Version 13.2.2 Enterprise Manager for Virtualization Version 13.2.3 Enterprise Manager Ops Center Version 12.2.2 Enterprise Manager Ops Center Version 12.3.3 Enterprise Manager for MySQL Database Version 13.2.2.0.0 and prior Financial Services Revenue Management and Billing Version 2.3.0.2.0 Financial Services Revenue Management and Billing Version 2.4.0.0.0 Financial Services Revenue Management and Billing Version 2.4.0.1.0 Financial Services Revenue Management and Billing Version 2.5.0.1.0 Financial Services Revenue Management and Billing Version 2.5.0.2.0 Financial Services Revenue Management and Billing Version 2.5.0.3.0 Financial Services Profitability Management Version 6.1.1 Financial Services Profitability Management Version 8.0.x Financial Services Funds Transfer Pricing Version 6.1.1 Financial Services Funds Transfer Pricing Version 8.0.x Financial Services Analytical Applications Infrastructure Version 7.3.3.x Financial Services Analytical Applications Infrastructure Version 8.0.x FLEXCUBE Universal Banking Version 11.3.0 FLEXCUBE Universal Banking Version 11.4.0 FLEXCUBE Universal Banking Version 12.0.1 FLEXCUBE Universal Banking Version 12.0.2 FLEXCUBE Universal Banking Version 12.0.3 FLEXCUBE Universal Banking Version 12.1.0 FLEXCUBE Universal Banking Version 12.2.0 FLEXCUBE Universal Banking Version 12.3.0 FLEXCUBE Universal Banking Version 12.4.0 FLEXCUBE Universal Banking Version 14.0.0 FLEXCUBE Universal Banking Version 14.1.0 FLEXCUBE Investor Servicing Version 12.0.4 FLEXCUBE Investor Servicing Version 12.1.0 FLEXCUBE Investor Servicing Version 12.3.0 FLEXCUBE Investor Servicing Version 12.4.0 FLEXCUBE Enterprise Limits and Collateral Management Version 12.3.0 FLEXCUBE Enterprise Limits and Collateral Management Version 14.0.0 FLEXCUBE Enterprise Limits and Collateral Management Version 14.1.0 Banking Platform Version 2.6.0 Banking Platform Version 2.6.1 Banking Platform Version 2.6.2 Financial Services Behavior Detection Platform Version 8.0.x Financial Services Hedge Management and IFRS Valuations Version 8.0.4 Financial Services Hedge Management and IFRS Valuations Version 8.0.5 Financial Services Loan Loss Forecasting and Provisioning Version 8.0.4 Financial Services Loan Loss Forecasting and Provisioning Version 8.0.5 Banking Corporate Lending Version 12.3.0 Banking Corporate Lending Version 12.4.0 Banking Corporate Lending Version 12.5.0 Banking Corporate Lending Version 14.0.0 Banking Corporate Lending Version 14.1.0 Banking Payments Version 12.2.0 Banking Payments Version 12.3.0 Banking Payments Version 12.4.0 Banking Payments Version 12.5.0 Banking Payments Version 14.1.0 Internet Directory Version 11.1.1.9.0 JDeveloper Version 12.1.3.0.0 JDeveloper Version 12.2.1.2.0 JDeveloper Version 12.2.1.3.0 Fusion Middleware Version 12.2.1.2 Fusion Middleware Version 12.2.1.3 SOA Suite Version 11.1.1.7.0 SOA Suite Version 11.1.1.9.0 SOA Suite Version 12.1.3.0.0 SOA Suite Version 12.2.1.2.0 SOA Suite Version 12.2.1.3.0 Fusion Middleware MapViewer Version 12.2.1.2 Fusion Middleware MapViewer Version 12.2.1.2.0 Fusion Middleware MapViewer Version 12.2.1.3 Fusion Middleware MapViewer Version 12.2.1.3.0 BI Publisher (formerly XML Publisher) Version 11.1.1.7.0 BI Publisher (formerly XML Publisher) Version 11.1.1.9.0 BI Publisher (formerly XML Publisher) Version 12.2.1.2.0 BI Publisher (formerly XML Publisher) Version 12.2.1.3.0 WebCenter Portal Version 11.1.1.9.0 WebCenter Portal Version 12.2.1.2.0 WebCenter Portal Version 12.2.1.3.0 Outside In Technology Version 8.5.3 WebLogic Server Version 10.3.6.0 WebLogic Server Version 12.1.3.0 WebLogic Server Version 12.2.1.2 WebLogic Server Version 12.2.1.3 Business Process Management Suite Version 11.1.1.7.0 Business Process Management Suite Version 11.1.1.9.0 Business Process Management Suite Version 12.1.3.0.0 Business Process Management Suite Version 12.2.1.2.0 Business Process Management Suite Version 12.2.1.3.0 Enterprise Repository Version 11.1.1.7.0 Enterprise Repository Version 12.1.3.0.0 Tuxedo Version 12.1.1 Tuxedo Version 12.1.3 Tuxedo Version 12.2.2 API Gateway Version 11.1.2.4.0 Enterprise Data Quality Version 12.2.1.3.0 Endeca Information Discovery Studio Version 3.1 Endeca Information Discovery Studio Version 3.2 FMW Platform Version 12.2.1.2.0 FMW Platform Version 12.2.1.3.0 Global Lifecycle Management OPatchAuto Version All Hospitality OPERA 5 Property Services Version 5.5.x Hospitality Cruise Shipboard Property Management System Version 8.x Hospitality Cruise Fleet Management Version 9.x Hyperion Data Relationship Management Version 11.1.2.4.330 Hyperion Financial Reporting Version 11.1.2 Insurance Policy Administration J2EE Version 10.0 Insurance Policy Administration J2EE Version 10.1 Insurance Policy Administration J2EE Version 10.2 Insurance Policy Administration J2EE Version 11.0 JD Edwards EnterpriseOne Tools Version 9.2 JD Edwards World Security Version A9.3 JD Edwards World Security Version A9.3.1 JD Edwards World Security Version A9.4 Java Version 10.0.1 Java Version 10.0.1; Java SE Embedded: 8u171 Java Version 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18 Java Version 7u181 Java Version 8u172 Java Version Java SE: 10.0.1 Java Version Java SE: 6u191 Java Version Java SE: 7u181 Java Version Java SE: 8u172 MySQL Workbench Version 6.3.10 and earlier MySQL Workbench Version 8.0.11 and prior MySQL Server Version 5.5.60 and prior MySQL Server Version 5.6.40 and prior MySQL Server Version 5.7.22 and prior MySQL Server Version 8.0.11 and prior MySQL Enterprise Monitor Version 3.4.7.4297 and prior MySQL Enterprise Monitor Version 4.0.4.5235 and prior MySQL Enterprise Monitor Version 8.0.0.8131 and prior MySQL Connectors Version 5.3.10 and prior MySQL Connectors Version 8.0.11 and prior PeopleSoft Enterprise HCM Candidate Gateway Version 9.2 PeopleSoft Enterprise HCM Human Resources Version 9.2 PeopleSoft Enterprise PT PeopleTools Version 8.55 PeopleSoft Enterprise PT PeopleTools Version 8.56 PeopleSoft Enterprise CS Financial Aid Version 9.0 PeopleSoft Enterprise CS Financial Aid Version 9.2 PeopleSoft Enterprise FIN Install Version 9.2 Policy Automation Version 10.4.7 Policy Automation Version 12.1.0 Policy Automation Version 12.1.1 Policy Automation Version 12.2.0 Policy Automation Version 12.2.1 Policy Automation Version 12.2.10 Policy Automation Version 12.2.2 Policy Automation Version 12.2.3 Policy Automation Version 12.2.4 Policy Automation Version 12.2.5 Policy Automation Version 12.2.6 Policy Automation Version 12.2.7 Policy Automation Version 12.2.8 Policy Automation Version 12.2.9 Policy Automation for Mobile Devices Version 10.4.7 Policy Automation for Mobile Devices Version 12.1.0 Policy Automation for Mobile Devices Version 12.1.1 Policy Automation for Mobile Devices Version 12.2.0 Policy Automation for Mobile Devices Version 12.2.1 Policy Automation for Mobile Devices Version 12.2.10 Policy Automation for Mobile Devices Version 12.2.2 Policy Automation for Mobile Devices Version 12.2.3 Policy Automation for Mobile Devices Version 12.2.4 Policy Automation for Mobile Devices Version 12.2.5 Policy Automation for Mobile Devices Version 12.2.6 Policy Automation for Mobile Devices Version 12.2.7 Policy Automation for Mobile Devices Version 12.2.8 Policy Automation for Mobile Devices Version 12.2.9 Policy Automation Connector for Siebel Version 10.4.6 Retail Integration Bus Version 12.0.x Retail Integration Bus Version 13.0.x Retail Integration Bus Version 13.1.x Retail Integration Bus Version 13.2.x Retail Integration Bus Version 14.0.014.1.0 Retail Integration Bus Version 14.0.x Retail Integration Bus Version 14.1.x Retail Integration Bus Version 15.0 Retail Integration Bus Version 15.0.x Retail Integration Bus Version 16.0 Retail Integration Bus Version 16.0.x Retail Predictive Application Server Version 15.0.3 Retail Service Layer Version 12.0.x Retail Service Layer Version 13.0.x Retail Service Layer Version 13.1.x Retail Service Layer Version 13.2.x Retail Service Layer Version 14.0.x Retail Back Office Version 14.0 Retail Back Office Version 14.1 Retail Central Office Version 14.0 Retail Central Office Version 14.1 Retail Point-of-Service Version 14.0 Retail Point-of-Service Version 14.1 Retail Returns Management Version 14.0 Retail Returns Management Version 14.1 Retail Clearance Optimization Engine Version 14.0.5 Retail Financial Integration Version 13.2.x Retail Financial Integration Version 14.0.x Retail Financial Integration Version 14.1.x Retail Financial Integration Version 15.0.x Retail Financial Integration Version 16.0.x Retail Service Backbone Version 14.0.x Retail Service Backbone Version 14.1.x Retail Service Backbone Version 15.0.x Retail Service Backbone Version 16.0.025 Retail Service Backbone Version 16.0.x Retail Convenience and Fuel POS Software Version 2.1.132 Retail Order Broker Cloud Service Version 15.0 Retail Order Broker Cloud Service Version 16.0 Retail Order Broker Cloud Service Version 5.2 MICROS XBR Version 7.0.2 MICROS XBR Version 7.0.4 MICROS Relate CRM Software Version 10.8.x MICROS Relate CRM Software Version 11.4.x MICROS Retail-J Version 10.2.x MICROS Retail-J Version 11.0.x MICROS Retail-J Version 12.0.x MICROS Retail-J Version 12.1.1.x MICROS Retail-J Version 12.1.2.x MICROS Retail-J Version 12.1.x MICROS Retail-J Version 13.1.x MICROS Lucas Version 2.9.5.3 MICROS Lucas Version 2.9.5.4 MICROS Lucas Version 2.9.5.5 MICROS Lucas Version 2.9.5.6 Retail Bulk Data Integration Version 16.0 Retail Customer Management and Segmentation Foundation Version 16.x Retail Customer Management and Segmentation Foundation Version 17.x Siebel UI Framework Version 18.0 Solaris Cluster Version 3.3 Solaris Cluster Version 4.3 Solaris Operating System Version 10 Solaris Operating System Version 11.2 Solaris Operating System Version 11.3 SuperCluster Specific Software Version Prior to 2.5.0 SSM - (ssm_host_apps) HMP: Hardware Management Pack Version 11.3 Sun ZFS Storage Appliance Kit (AK) Software Version Prior to 8.7.18 Sun ZFS Storage Appliance Kit (AK) Software Version Prior to 8.7.19 Sun ZFS Storage Appliance Kit (AK) Software Version Prior to 8.7.20 Tape Library ACSLS Version Prior to ACSLS 8.4.0-3 Transportation Management Version 6.2 Transportation Management Version 6.3.7 Transportation Management Version 6.4.1 Agile Engineering Data Management Version 6.1.3 Agile Engineering Data Management Version 6.2.0 Agile Engineering Data Management Version 6.2.1 Agile PLM MCAD Connector Version 3.3 Agile PLM MCAD Connector Version 3.4 Agile PLM MCAD Connector Version 3.5 Agile PLM MCAD Connector Version 3.6 Agile Product Lifecycle Management for Process Version 6.2.0.0 AutoVue VueLink Integration Version 21.0.0 AutoVue VueLink Integration Version 21.0.1 Agile PLM Framework Version 9.3.3 Agile PLM Framework Version 9.3.4 Agile PLM Framework Version 9.3.5 Agile PLM Framework Version 9.3.6 Agile Recipe Management for Pharmaceuticals Version 9.3.4 OSS Support Tools Version Prior to 18.3 Utilities Network Management System Version 1.12.x Utilities Network Management System Version 2.3.x Utilities Work and Asset Management Version 1.9.1.2.12 Utilities Framework Version 4.3.x VM VirtualBox Version Prior to 5.2.16 Secure Global Desktop Version 5.3 Secure Global Desktop Version 5.4 iLearning Version 6.2 Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Studio (Jetty)). Supported versions that are affected are 3.1 and 3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2011-4461 P-9634V-3.1 P-9634V-3.2 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9634V-3.1 P-9634V-3.2 Vulnerability in the Oracle Financial Services Revenue Management and Billing component of Oracle Financial Services Applications (subcomponent: External Message (HTTP Client)). Supported versions that are affected are 2.3.0.2.0, 2.4.0.0.0, 2.4.0.1.0, 2.5.0.1.0, 2.5.0.2.0 and 2.5.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2014-3577 P-5322V-2.3.0.2.0 P-5322V-2.4.0.0.0 P-5322V-2.4.0.1.0 P-5322V-2.5.0.1.0 P-5322V-2.5.0.2.0 P-5322V-2.5.0.3.0 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5322V-2.3.0.2.0 P-5322V-2.4.0.0.0 P-5322V-2.4.0.1.0 P-5322V-2.5.0.1.0 P-5322V-2.5.0.2.0 P-5322V-2.5.0.3.0 Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: SSL/TLS). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Internet Directory. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Internet Directory accessible data. Note: Please refer to MOS document (<a href="https://support.oracle.com/rs?type=doc&id=2420947.1">Doc ID 2420947.1)</a> for instructions on how to address this issue. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Fix has been released CVE-2015-0204 P-355V-11.1.1.9.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-355V-11.1.1.9.0 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Security (OpenSSH)). The supported version that is affected is 12.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Fix has been released CVE-2015-5600 P-10900V-12.x 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10900V-12.x Vulnerability in the Tape Library ACSLS component of Oracle Sun Systems Products Suite (subcomponent: Software (Apache Commons Collections)). Supported versions that are affected are Prior to ACSLS 8.4.0-3. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Tape Library ACSLS. Successful attacks of this vulnerability can result in takeover of Tape Library ACSLS. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-7501 P-10088V-Prior to ACSLS 8.4.0-3 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10088V-Prior to ACSLS 8.4.0-3 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: CMP (Bouncy Castle)). The supported version that is affected is 12.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Policy Management accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2015-7940 P-10900V-12.x 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10900V-12.x Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: None (Bouncy Castle Java package)). Supported versions that are affected are 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2015-7940 P-807V-12.1.3.0.0 P-807V-12.2.1.2.0 P-807V-12.2.1.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-807V-12.1.3.0.0 P-807V-12.2.1.2.0 P-807V-12.2.1.3.0 Vulnerability in the Oracle Retail Convenience and Fuel POS Software component of Oracle Retail Applications (subcomponent: OPT Server (Bouncy Castle Java Library)). The supported version that is affected is 2.1.132. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Convenience and Fuel POS Software. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Convenience and Fuel POS Software accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2015-7940 P-11515V-2.1.132 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11515V-2.1.132 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Security (Apache Tomcat)). The supported version that is affected is 12.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0714 P-10900V-12.x 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10900V-12.x Vulnerability in the Agile Recipe Management for Pharmaceuticals component of Oracle Supply Chain Products Suite (subcomponent: UI Components-Framework (Apache Struts 1)). The supported version that is affected is 9.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Agile Recipe Management for Pharmaceuticals. Successful attacks of this vulnerability can result in takeover of Agile Recipe Management for Pharmaceuticals. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1181 P-8780V-9.3.4 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8780V-9.3.4 Vulnerability in the Enterprise Manager for Fusion Middleware component of Oracle Enterprise Manager Products Suite (subcomponent: FMW Plugin for CC (Apache Struts 1)). The supported version that is affected is 12.1.0.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1181 P-1369V-12.1.0.5 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1369V-12.1.0.5 Vulnerability in the MICROS XBR component of Oracle Retail Applications (subcomponent: Retail (Apache Struts 1)). Supported versions that are affected are 7.0.2 and 7.0.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS XBR. Successful attacks of this vulnerability can result in takeover of MICROS XBR. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1181 P-11564V-7.0.2 P-11564V-7.0.4 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11564V-7.0.2 P-11564V-7.0.4 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Install (Apache Struts 1)). Supported versions that are affected are 6.2, 6.3.7 and 6.4.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in takeover of Oracle Transportation Management. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1181 P-1991V-6.2 P-1991V-6.3.7 P-1991V-6.4.1 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1991V-6.2 P-1991V-6.3.7 P-1991V-6.4.1 Vulnerability in the Oracle Communications User Data Repository component of Oracle Communications Applications (subcomponent: Security (Apache Xerces)). Supported versions that are affected are 10.x and 12.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications User Data Repository. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-2099 P-11108V-10.x P-11108V-12.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11108V-10.x P-11108V-12.x Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Security (OpenSSL)). The supported version that is affected is 12.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management and unauthorized read access to a subset of Oracle Communications Policy Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). Fix has been released CVE-2016-2176 P-10900V-12.x 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10900V-12.x Vulnerability in the Oracle Retail Convenience and Fuel POS Software component of Oracle Retail Applications (subcomponent: Point of Sale). The supported version that is affected is 2.1.132. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Convenience and Fuel POS Software. Successful attacks of this vulnerability can result in takeover of Oracle Retail Convenience and Fuel POS Software. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-3506 P-11515V-2.1.132 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11515V-2.1.132 Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core (Moment)). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-4055 P-10354V-16.x P-10354V-17.x P-10354V-18.x 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10354V-16.x P-10354V-17.x P-10354V-18.x Vulnerability in the Oracle Utilities Framework component of Oracle Utilities Applications (subcomponent: Help (Apache Trinidad)). The supported version that is affected is 4.3.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Framework. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-5019 P-2245V-4.3.x 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2245V-4.3.x Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Platform (Kernel)). The supported version that is affected is 12.x. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Policy Management executes to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-5195 P-10900V-12.x 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10900V-12.x Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Event Java PX (Apache Groovy)). Supported versions that are affected are 9.3.3, 9.3.4, 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2016-6814 P-4461V-9.3.3 P-4461V-9.3.4 P-4461V-9.3.5 P-4461V-9.3.6 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4461V-9.3.3 P-4461V-9.3.4 P-4461V-9.3.5 P-4461V-9.3.6 Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernal (Apache Groovy)). Supported versions that are affected are 12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.x, 14.1.x, 15.0.x and 16.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Integration Bus, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Retail Integration Bus. CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2016-6814 P-1807V-12.0.x P-1807V-13.0.x P-1807V-13.1.x P-1807V-13.2.x P-1807V-14.0.x P-1807V-14.1.x P-1807V-15.0.x P-1807V-16.0.x 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1807V-12.0.x P-1807V-13.0.x P-1807V-13.1.x P-1807V-13.2.x P-1807V-14.0.x P-1807V-14.1.x P-1807V-15.0.x P-1807V-16.0.x Vulnerability in the Oracle Retail Service Backbone component of Oracle Retail Applications (subcomponent: Install (Apache Groovy)). The supported version that is affected is 16.0.025. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Service Backbone, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Backbone. CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2016-6814 P-10867V-16.0.025 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10867V-16.0.025 Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core (jQueryUI)). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-7103 P-10354V-16.x P-10354V-17.x P-10354V-18.x 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10354V-16.x P-10354V-17.x P-10354V-18.x Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Search Export SDK (zlib)). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L). Fix has been released CVE-2016-9843 P-2276V-8.5.3 6.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Framework (Spring Framework)). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-9878 P-9835V-12.2.2 P-9835V-12.3.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9835V-12.2.2 P-9835V-12.3.3 Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security (Spring Framework)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Back Office accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-9878 P-2013V-14.0 P-2013V-14.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2013V-14.0 P-2013V-14.1 Vulnerability in the Oracle Retail Central Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Central Office accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-9878 P-2016V-14.0 P-2016V-14.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2016V-14.0 P-2016V-14.1 Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: Install (Spring Framework)). Supported versions that are affected are 14.0.x, 14.1.x, 15.0.x and 16.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Integration Bus accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-9878 P-1807V-14.0.x P-1807V-14.1.x P-1807V-15.0.x P-1807V-16.0.x 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1807V-14.0.x P-1807V-14.1.x P-1807V-15.0.x P-1807V-16.0.x Vulnerability in the Oracle Retail Point-of-Sale component of Oracle Retail Applications (subcomponent: Transaction (Spring Framework)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Point-of-Sale. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Point-of-Sale accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-9878 P-2017V-14.0 P-2017V-14.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2017V-14.0 P-2017V-14.1 Vulnerability in the Oracle Retail Returns Management component of Oracle Retail Applications (subcomponent: Security (Spring Framework)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Returns Management accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-9878 P-2020V-14.0 P-2020V-14.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2020V-14.0 P-2020V-14.1 Vulnerability in the Oracle Communications Interactive Session Recorder component of Oracle Communications Applications (subcomponent: Security (libgcrypt)). Supported versions that are affected are 5.x and 6.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Interactive Session Recorder. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Interactive Session Recorder accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2017-0379 P-10765V-5.x P-10765V-6.x 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10765V-5.x P-10765V-6.x Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption (libgcrypt)). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Workbench accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2017-0379 P-4627V-8.0.11 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4627V-8.0.11 and prior Vulnerability in the FMW Platform component of Oracle Fusion Middleware (subcomponent: Common Components (Apache Tomcat)). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise FMW Platform. Successful attacks of this vulnerability can result in takeover of FMW Platform. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-12617 P-11190V-12.2.1.2.0 P-11190V-12.2.1.3.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11190V-12.2.1.2.0 P-11190V-12.2.1.3.0 Vulnerability in the Oracle Retail Convenience and Fuel POS Software component of Oracle Retail Applications (subcomponent: OPT Server (Apache Tomcat)). The supported version that is affected is 2.1.132. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Convenience and Fuel POS Software. Successful attacks of this vulnerability can result in takeover of Oracle Retail Convenience and Fuel POS Software. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-12617 P-11515V-2.1.132 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11515V-2.1.132 Vulnerability in the Oracle Spatial (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Spatial (jackson-databind). Successful attacks of this vulnerability can result in takeover of Oracle Spatial (jackson-databind). CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-15095 P-619V-12.2.0.1 P-619V-18.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-619V-12.2.0.1 P-619V-18.1 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Security (MySQL)). The supported version that is affected is 12.x. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management as well as unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H). Fix has been released CVE-2017-3633 P-10900V-12.x 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10900V-12.x Vulnerability in the JD Edwards World Security component of Oracle JD Edwards Products (subcomponent: GUI / World Vision (OpenSSL)). Supported versions that are affected are A9.3, A9.3.1 and A9.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards World Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards World Security accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2017-3736 P-4839V-A9.3 P-4839V-A9.3.1 P-4839V-A9.4 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4839V-A9.3 P-4839V-A9.3.1 P-4839V-A9.4 Vulnerability in the MICROS Lucas component of Oracle Retail Applications (subcomponent: Security (JasperReports)). Supported versions that are affected are 2.9.5.3, 2.9.5.4,2.9.5.5 and 2.9.5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Lucas. Successful attacks of this vulnerability can result in takeover of MICROS Lucas. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5533 P-12633V-2.9.5.3 P-12633V-2.9.5.4 P-12633V-2.9.5.5 P-12633V-2.9.5.6 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12633V-2.9.5.3 P-12633V-2.9.5.4 P-12633V-2.9.5.5 P-12633V-2.9.5.6 Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Internal Operations (JasperReports)). Supported versions that are affected are 10.8.x and 11.4.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Relate CRM Software. Successful attacks of this vulnerability can result in takeover of MICROS Relate CRM Software. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5533 P-11566V-10.8.x P-11566V-11.4.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11566V-10.8.x P-11566V-11.4.x Vulnerability in the Oracle Retail Order Broker component of Oracle Retail Applications (subcomponent: Order Broker Foundation (JasperReports)). Supported versions that are affected are 5.2, 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Order Broker. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5533 P-11520V-5.2 P-11520V-15.0 P-11520V-16.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11520V-5.2 P-11520V-15.0 P-11520V-16.0 Vulnerability in the Oracle AutoVue VueLink Integration component of Oracle Supply Chain Products Suite (subcomponent: Installation Issues (Apache Log4j)). Supported versions that are affected are 21.0.0 and 21.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue VueLink Integration. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue VueLink Integration. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-4454V-21.0.0 P-4454V-21.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4454V-21.0.0 P-4454V-21.0.1 Vulnerability in the Oracle Banking Platform component of Oracle Financial Services Applications (subcomponent: Collections (Apache Log4j)). Supported versions that are affected are 2.6.0, 2.6.1 and 2.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in takeover of Oracle Banking Platform. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-9178V-2.6.0 P-9178V-2.6.1 P-9178V-2.6.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9178V-2.6.0 P-9178V-2.6.1 P-9178V-2.6.2 Vulnerability in the Oracle Enterprise Data Quality component of Oracle Fusion Middleware (subcomponent: General (Apache Log4j)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Data Quality. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-9464V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9464V-12.2.1.3.0 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Installer (Apache Log4j)). Supported versions that are affected are 12.1.0.5 and 13.2.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-1370V-12.1.0.5 P-1370V-13.2.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1370V-12.1.0.5 P-1370V-13.2.x Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Security Framework (Apache Log4j)). Supported versions that are affected are 12.1.0.5 and 13.2.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-1370V-12.1.0.5 P-1370V-13.2.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1370V-12.1.0.5 P-1370V-13.2.x Vulnerability in the Enterprise Manager for Fusion Middleware component of Oracle Enterprise Manager Products Suite (subcomponent: Application Replay (Apache Log4j)). Supported versions that are affected are 12.1.0.5 and 13.2.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-1369V-12.1.0.5 P-1369V-13.2.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1369V-12.1.0.5 P-1369V-13.2.x Vulnerability in the Enterprise Manager for Fusion Middleware component of Oracle Enterprise Manager Products Suite (subcomponent: FMW Plugin for CC (Apache Log4j)). Supported versions that are affected are 12.1.0.5 and 13.2.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-1369V-12.1.0.5 P-1369V-13.2.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1369V-12.1.0.5 P-1369V-13.2.x Vulnerability in the Enterprise Manager for MySQL Database component of Oracle Enterprise Manager Products Suite (subcomponent: EM Plugin: General (Apache Log4j)). Supported versions that are affected are 13.2.2.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via Log4j to compromise Enterprise Manager for MySQL Database. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for MySQL Database. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-11166V-13.2.2.0.0 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11166V-13.2.2.0.0 and prior Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Products Suite (subcomponent: Provisioning (Apache Log4j)). Supported versions that are affected are 12.1.0.8 and 13.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-1366V-12.1.0.8 P-1366V-13.2.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1366V-12.1.0.8 P-1366V-13.2.2 Vulnerability in the Enterprise Manager for Peoplesoft component of Oracle Enterprise Manager Products Suite (subcomponent: PSEM Plugin (Apache Log4j)). Supported versions that are affected are 13.1.1.1 and 13.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Peoplesoft. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Peoplesoft. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-2131V-13.1.1.1 P-2131V-13.2.1.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2131V-13.1.1.1 P-2131V-13.2.1.1 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Infrastructure (Apache Log4j)). Supported versions that are affected are 7.3.3.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. Note: Please refer MOS document (<a href="https://support.oracle.com/rs?type=doc&id=2380553.1">Doc ID 2380553.1)</a> for applicability across other Oracle Financial Services products. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-5680V-7.3.3.x P-5680V-8.0.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5680V-7.3.3.x P-5680V-8.0.x Vulnerability in the Oracle Financial Services Behavior Detection Platform component of Oracle Financial Services Applications (subcomponent: Ingestion (Apache Log4j)). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Behavior Detection Platform. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-9190V-8.0.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9190V-8.0.x Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: Logging (Apache Log4j)). Supported versions that are affected are 6.1.1 and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Funds Transfer Pricing. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-5659V-6.1.1 P-5659V-8.0.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5659V-6.1.1 P-5659V-8.0.x Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: Logging (Apache Log4j)). Supported versions that are affected are 8.0.4 and 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Hedge Management and IFRS Valuations. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Hedge Management and IFRS Valuations. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-9332V-8.0.4 P-9332V-8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9332V-8.0.4 P-9332V-8.0.5 Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: Logging (Apache Log4j)). Supported versions that are affected are 8.0.4 and 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Loan Loss Forecasting and Provisioning. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-9474V-8.0.4 P-9474V-8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9474V-8.0.4 P-9474V-8.0.5 Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: Logging (Apache Log4j)). Supported versions that are affected are 6.1.1 and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Profitability Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-5658V-6.1.1 P-5658V-8.0.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5658V-6.1.1 P-5658V-8.0.x Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Install (Apache Log4j)). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in takeover of Oracle Fusion Middleware MapViewer. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-1215V-12.2.1.2 P-1215V-12.2.1.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1215V-12.2.1.2 P-1215V-12.2.1.3 Vulnerability in the Oracle Insurance Policy Administration component of Oracle Insurance Applications (subcomponent: Policy Administration (Apache Log4j)). Supported versions that are affected are 10.0, 10.1, 10.2 and 11.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-5279V-10.0 P-5279V-10.1 P-5279V-10.2 P-5279V-11.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5279V-10.0 P-5279V-10.1 P-5279V-10.2 P-5279V-11.0 Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Service Manager (Apache Log4j)). Supported versions that are affected are 3.4.7.4297 and prior, 4.0.4.5235 and prior and 8.0.0.8131 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via Log4j to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-8480V-3.4.7.4297 and prior P-8480V-4.0.4.5235 and prior P-8480V-8.0.0.8131 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8480V-3.4.7.4297 and prior P-8480V-4.0.4.5235 and prior P-8480V-8.0.0.8131 and prior Vulnerability in the PeopleSoft Enterprise FIN Install component of Oracle PeopleSoft Products (subcomponent: Security (Apache Log4j)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Install. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise FIN Install. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-8925V-9.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8925V-9.2 Vulnerability in the Oracle Policy Automation component of Oracle Policy Automation (subcomponent: Determinations Engine (Apache Log4j)). Supported versions that are affected are 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9 and 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation. Successful attacks of this vulnerability can result in takeover of Oracle Policy Automation. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-5624V-10.4.7 P-5624V-12.1.0 P-5624V-12.1.1 P-5624V-12.2.0 P-5624V-12.2.1 P-5624V-12.2.2 P-5624V-12.2.3 P-5624V-12.2.4 P-5624V-12.2.5 P-5624V-12.2.6 P-5624V-12.2.7 P-5624V-12.2.8 P-5624V-12.2.9 P-5624V-12.2.10 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5624V-10.4.7 P-5624V-12.1.0 P-5624V-12.1.1 P-5624V-12.2.0 P-5624V-12.2.1 P-5624V-12.2.2 P-5624V-12.2.3 P-5624V-12.2.4 P-5624V-12.2.5 P-5624V-12.2.6 P-5624V-12.2.7 P-5624V-12.2.8 P-5624V-12.2.9 P-5624V-12.2.10 Vulnerability in the Oracle Policy Automation Connector for Siebel component of Oracle Policy Automation (subcomponent: Core (Apache Log4j)). The supported version that is affected is 10.4.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation Connector for Siebel. Successful attacks of this vulnerability can result in takeover of Oracle Policy Automation Connector for Siebel. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-5627V-10.4.6 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5627V-10.4.6 Vulnerability in the Oracle Policy Automation for Mobile Devices component of Oracle Policy Automation (subcomponent: Core (Apache Log4j)). Supported versions that are affected are 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9 and 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation for Mobile Devices. Successful attacks of this vulnerability can result in takeover of Oracle Policy Automation for Mobile Devices. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-5626V-10.4.7 P-5626V-12.1.0 P-5626V-12.1.1 P-5626V-12.2.0 P-5626V-12.2.1 P-5626V-12.2.2 P-5626V-12.2.3 P-5626V-12.2.4 P-5626V-12.2.5 P-5626V-12.2.6 P-5626V-12.2.7 P-5626V-12.2.8 P-5626V-12.2.9 P-5626V-12.2.10 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5626V-10.4.7 P-5626V-12.1.0 P-5626V-12.1.1 P-5626V-12.2.0 P-5626V-12.2.1 P-5626V-12.2.2 P-5626V-12.2.3 P-5626V-12.2.4 P-5626V-12.2.5 P-5626V-12.2.6 P-5626V-12.2.7 P-5626V-12.2.8 P-5626V-12.2.9 P-5626V-12.2.10 Vulnerability in the Oracle Retail Clearance Optimization Engine component of Oracle Retail Applications (subcomponent: General Application (Apache Log4j)). The supported version that is affected is 14.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Clearance Optimization Engine. Successful attacks of this vulnerability can result in takeover of Oracle Retail Clearance Optimization Engine. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-5256V-14.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5256V-14.0.5 Vulnerability in the Oracle Retail Financial Integration component of Oracle Retail Applications (subcomponent: PeopleSoft Integration Bugs (Apache Log4j)). Supported versions that are affected are 13.2.x, 14.0.x, 14.1.x, 15.0.x, 16.0.x and 16.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Financial Integration. Successful attacks of this vulnerability can result in takeover of Oracle Retail Financial Integration. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-10722V-13.2.x P-10722V-14.0.x P-10722V-14.1.x P-10722V-15.0.x P-10722V-16.0.x P-10722V-16.0.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10722V-13.2.x P-10722V-14.0.x P-10722V-14.1.x P-10722V-15.0.x P-10722V-16.0.x P-10722V-16.0.x Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernal (Apache Log4j)). Supported versions that are affected are 12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.0 14.1.0, 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in takeover of Oracle Retail Integration Bus. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-1807V-12.0.x P-1807V-13.0.x P-1807V-13.1.x P-1807V-13.2.x P-1807V-14.0.014.1.0 P-1807V-15.0 P-1807V-16.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1807V-12.0.x P-1807V-13.0.x P-1807V-13.1.x P-1807V-13.2.x P-1807V-14.0.014.1.0 P-1807V-15.0 P-1807V-16.0 Vulnerability in the Oracle Retail Predictive Application Server component of Oracle Retail Applications (subcomponent: RPAS Fusion Client (Apache Log4j)). The supported version that is affected is 15.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Retail Predictive Application Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-1823V-15.0.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1823V-15.0.3 Vulnerability in the Oracle Retail Service Backbone component of Oracle Retail Applications (subcomponent: Install (Apache Log4j)). Supported versions that are affected are 14.0.x, 14.1.x, 15.0.x and 16.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Backbone. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-10867V-14.0.x P-10867V-14.1.x P-10867V-15.0.x P-10867V-16.0.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10867V-14.0.x P-10867V-14.1.x P-10867V-15.0.x P-10867V-16.0.x Vulnerability in the Oracle Retail Service Layer component of Oracle Retail Applications (subcomponent: Installation (Apache Log4j)). Supported versions that are affected are 12.0.x, 13.0.x, 13.1.x, 13.2.x and 14.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Layer. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Layer. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-1836V-12.0.x P-1836V-13.0.x P-1836V-13.1.x P-1836V-13.2.x P-1836V-14.0.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1836V-12.0.x P-1836V-13.0.x P-1836V-13.1.x P-1836V-13.2.x P-1836V-14.0.x Vulnerability in the Oracle Utilities Network Management System component of Oracle Utilities Applications (subcomponent: Logging (Apache Log4j)). Supported versions that are affected are 1.12.x and 2.3.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Network Management System. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-2241V-1.12.x P-2241V-2.3.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2241V-1.12.x P-2241V-2.3.x Vulnerability in the Oracle Utilities Work and Asset Management component of Oracle Utilities Applications (subcomponent: Logging (Apache Log4j)). The supported version that is affected is 1.9.1.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Work and Asset Management. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Work and Asset Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-2244V-1.9.1.2.12 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2244V-1.9.1.2.12 Vulnerability in the Oracle Agile PLM MCAD Connector component of Oracle Supply Chain Products Suite (subcomponent: CAX Client (Apache Batik)). Supported versions that are affected are 3.3, 3.4, 3.5 and 3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM MCAD Connector. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM MCAD Connector accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM MCAD Connector. CVSS 3.0 Base Score 7.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H). Fix has been released CVE-2017-5662 P-4440V-3.3 P-4440V-3.4 P-4440V-3.5 P-4440V-3.6 7.3 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4440V-3.3 P-4440V-3.4 P-4440V-3.5 P-4440V-3.6 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security (Apache Batik)). Supported versions that are affected are 7.x and 8.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 7.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H). Fix has been released CVE-2017-5662 P-10899V-7.x P-10899V-8.x 7.3 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10899V-7.x P-10899V-8.x Vulnerability in the Oracle Utilities Network Management System component of Oracle Utilities Applications (subcomponent: Install (Apache Batik)). Supported versions that are affected are 1.12.x and 2.3.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Utilities Network Management System accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Network Management System. CVSS 3.0 Base Score 7.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H). Fix has been released CVE-2017-5662 P-2241V-1.12.x P-2241V-2.3.x 7.3 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2241V-1.12.x P-2241V-2.3.x Vulnerability in the Oracle Retail Convenience and Fuel POS Software component of Oracle Retail Applications (subcomponent: OPT Server (Apache Tomcat)). The supported version that is affected is 2.1.132. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Convenience and Fuel POS Software. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Convenience and Fuel POS Software accessible data. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Fix has been released CVE-2017-5664 P-11515V-2.1.132 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11515V-2.1.132 Vulnerability in the Oracle Communications Session Border Controller component of Oracle Communications Applications (subcomponent: Security (Kernel)). Supported versions that are affected are ECz7.x and ECz8.x. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Session Border Controller executes to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Border Controller. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-6074 P-10750V-ECz7.x P-10750V-ECz8.x 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10750V-ECz7.x P-10750V-ECz8.x Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Security (Apache Struts 2)). The supported version that is affected is 12.x. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-7525 P-10900V-12.x 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10900V-12.x Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Installer (Apache HTTP Server)). The supported version that is affected is 13.2.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2017-9798 P-1370V-13.2.x 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1370V-13.2.x Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking (Apache HTTP Server)). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2017-9798 P-9835V-12.2.2 P-9835V-12.3.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9835V-12.2.2 P-9835V-12.3.3 Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway (OpenSSL)). The supported version that is affected is 11.1.2.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle API Gateway. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle API Gateway. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-9195V-11.1.2.4.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9195V-11.1.2.4.0 Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Install (OpenSSL)). Supported versions that are affected are 6.1.3, 6.2.0 and 6.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile Engineering Data Management. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-4436V-6.1.3 P-4436V-6.2.0 P-4436V-6.2.1 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4436V-6.1.3 P-4436V-6.2.0 P-4436V-6.2.1 Vulnerability in the Oracle Communications Network Charging and Control component of Oracle Communications Applications (subcomponent: Security (OpenSSL)). Supported versions that are affected are 4.4.1.5.0, 5.0.0.1.0, 5.0.0.2.0, 5.0.1.0.0 and 5.0.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Network Charging and Control. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Charging and Control. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-4623V-4.4.1.5.0 P-4623V-5.0.0.1.0 P-4623V-5.0.0.2.0 P-4623V-5.0.1.0.0 P-4623V-5.0.2.0.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4623V-4.4.1.5.0 P-4623V-5.0.0.1.0 P-4623V-5.0.0.2.0 P-4623V-5.0.1.0.0 P-4623V-5.0.2.0.0 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking (OpenSSL)). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-9835V-12.2.2 P-9835V-12.3.3 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9835V-12.2.2 P-9835V-12.3.3 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/ODBC (OpenSSL)). Supported versions that are affected are 5.3.10 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-8576V-5.3.10 and prior P-8576V-8.0.11 and prior 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8576V-5.3.10 and prior P-8576V-8.0.11 and prior Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: General (OpenSSL)). Supported versions that are affected are 3.4.7.4297 and prior, 4.0.4.5235 and prior and 8.0.0.8131 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-8480V-3.4.7.4297 and prior P-8480V-4.0.4.5235 and prior P-8480V-8.0.0.8131 and prior 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8480V-3.4.7.4297 and prior P-8480V-4.0.4.5235 and prior P-8480V-8.0.0.8131 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Installing (OpenSSL)). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption (OpenSSL)). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-4627V-8.0.11 and prior 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4627V-8.0.11 and prior Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security (OpenSSL)). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-5085V-8.55 P-5085V-8.56 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5085V-8.55 P-5085V-8.56 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Core (OpenSSL)). Supported versions that are affected are 5.3 and 5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Secure Global Desktop. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-8539V-5.3 P-8539V-5.4 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8539V-5.3 P-8539V-5.4 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Install (OpenSSL)). The supported version that is affected is 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Transportation Management. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-1991V-6.2 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1991V-6.2 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: SSL/TLS (OpenSSL)). The supported version that is affected is 12.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Tuxedo. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0739 P-5433V-12.1.1 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5433V-12.1.1 Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Services Tools Bundle (curl)). The supported version that is affected is Prior to 18.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1000300 P-1330V-Prior to 18.3 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1330V-Prior to 18.3 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Core (curl)). Supported versions that are affected are 5.3 and 5.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1000300 P-8539V-5.3 P-8539V-5.4 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8539V-5.3 P-8539V-5.4 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1171 P-10006V-10 P-10006V-11.3 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10006V-10 P-10006V-11.3 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps (Spring Framework)). The supported version that is affected is 10.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-4622V-10.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4622V-10.1 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking (Spring Framework)). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-9835V-12.2.2 P-9835V-12.3.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9835V-12.2.2 P-9835V-12.3.3 Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Security Subsystem (Spring Framework)). Supported versions that are affected are 11.1.1.7.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Repository. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Repository. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-5326V-11.1.1.7.0 P-5326V-12.1.3.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5326V-11.1.1.7.0 P-5326V-12.1.3.0.0 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Inline Processing Engine (Spring Framework)). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. Note: Please refer MOS document (<a href="https://support.oracle.com/rs?type=doc&id=2380553.1">Doc ID 2380553.1)</a> for applicability across other Oracle Financial Services products. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-5680V-8.0.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5680V-8.0.x Vulnerability in the Oracle Financial Services Behavior Detection Platform component of Oracle Financial Services Applications (subcomponent: Admin Tool (Spring Framework)). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Behavior Detection Platform. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-9190V-8.0.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9190V-8.0.x Vulnerability in the Oracle Insurance Policy Administration component of Oracle Insurance Applications (subcomponent: Policy Administration (Spring Framework)). Supported versions that are affected are 10.0, 10.1, 10.2 and 11.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-5279V-10.0 P-5279V-10.1 P-5279V-10.2 P-5279V-11.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5279V-10.0 P-5279V-10.1 P-5279V-10.2 P-5279V-11.0 Vulnerability in the PeopleSoft Enterprise FIN Install component of Oracle PeopleSoft Products (subcomponent: Security (Spring Framework)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Install. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise FIN Install. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-8925V-9.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8925V-9.2 Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security (Spring Framework)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks of this vulnerability can result in takeover of Oracle Retail Back Office. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-2013V-14.0 P-2013V-14.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2013V-14.0 P-2013V-14.1 Vulnerability in the Oracle Retail Central Office component of Oracle Retail Applications (subcomponent: Security (Spring Framework)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks of this vulnerability can result in takeover of Oracle Retail Central Office. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-2016V-14.0 P-2016V-14.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2016V-14.0 P-2016V-14.1 Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Infrastructure (Spring Framework)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Point-of-Service. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-2017V-14.0 P-2017V-14.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2017V-14.0 P-2017V-14.1 Vulnerability in the Oracle Retail Returns Management component of Oracle Retail Applications (subcomponent: Security (Spring Framework)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Returns Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-2020V-14.0 P-2020V-14.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2020V-14.0 P-2020V-14.1 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Sample apps (Spring Framework)). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Application Server (Apache Tomcat)). Supported versions that are affected are 5.3 and 5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Secure Global Desktop. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Secure Global Desktop accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-1305 P-8539V-5.3 P-8539V-5.4 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8539V-5.3 P-8539V-5.4 Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2598 P-4627V-6.3.10 and earlier 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4627V-6.3.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2767 P-8478V-5.5.60 and prior P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior 3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.5.60 and prior P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-2881 P-11567V-11.0.x P-11567V-12.0.x P-11567V-12.1.x P-11567V-12.1.1.x P-11567V-12.1.2.x P-11567V-13.1.x 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11567V-11.0.x P-11567V-12.0.x P-11567V-12.1.x P-11567V-12.1.1.x P-11567V-12.1.2.x P-11567V-13.1.x Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x,12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. While the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N). Fix has been released CVE-2018-2882 P-11567V-10.2.x P-11567V-11.0.x P-11567V-12.0.x P-11567V-12.1.x P-11567V-12.1.1.x P-11567V-12.1.2.x P-11567V-13.1.x 7.7 AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11567V-10.2.x P-11567V-11.0.x P-11567V-12.0.x P-11567V-12.1.x P-11567V-12.1.1.x P-11567V-12.1.2.x P-11567V-13.1.x Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L). Fix has been released CVE-2018-2888 P-11567V-10.2.x P-11567V-11.0.x P-11567V-12.0.x P-11567V-12.1.x P-11567V-12.1.1.x P-11567V-12.1.2.x P-11567V-13.1.x 6.7 AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11567V-10.2.x P-11567V-11.0.x P-11567V-12.0.x P-11567V-12.1.x P-11567V-12.1.1.x P-11567V-12.1.2.x P-11567V-13.1.x Vulnerability in the Oracle Retail Bulk Data Integration component of Oracle Retail Applications (subcomponent: BDI Job Scheduler). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Bulk Data Integration. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Bulk Data Integration, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Bulk Data Integration accessible data as well as unauthorized read access to a subset of Oracle Retail Bulk Data Integration accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2891 P-12968V-16.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12968V-16.0 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-2892 P-10006V-10 P-10006V-11.3 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10006V-10 P-10006V-11.3 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-2893 P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-2894 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2895 P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2896 P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2897 P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2898 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2899 P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). Fix has been released CVE-2018-2900 P-1479V-11.1.1.7.0 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1479V-11.1.1.7.0 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via DHCP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-2901 P-10006V-10 P-10006V-11.2 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10006V-10 P-10006V-11.2 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-2903 P-10006V-10 P-10006V-11.3 4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10006V-10 P-10006V-11.3 Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: GUI). The supported version that is affected is 10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications EAGLE LNP Application Processor accessible data as well as unauthorized read access to a subset of Oracle Communications EAGLE LNP Application Processor accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-2904 P-11118V-10.x 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11118V-10.x Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2905 P-10026V-Prior to 8.7.20 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.20 Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via IPMI to compromise Hardware Management Pack. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hardware Management Pack accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2906 P-10016V-11.3 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10016V-11.3 Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Financial Reporting. While the vulnerability is in Hyperion Financial Reporting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2018-2907 P-8776V-11.1.2 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8776V-11.1.2 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via RPC to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Fix has been released CVE-2018-2908 P-10006V-11.3 7.7 AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10006V-11.3 Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). The supported version that is affected is 11.1.2.4.330. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Hyperion Data Relationship Management. While the vulnerability is in Hyperion Data Relationship Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion Data Relationship Management accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). Fix has been released CVE-2018-2915 P-4375V-11.1.2.4.330 5.8 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4375V-11.1.2.4.330 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-2916 P-10026V-Prior to 8.7.18 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.18 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-2917 P-10026V-Prior to 8.7.18 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.18 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-2918 P-10026V-Prior to 8.7.18 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.18 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Unified Navigation). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2919 P-5085V-8.55 P-5085V-8.56 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5085V-8.55 P-5085V-8.56 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.19. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L). Fix has been released CVE-2018-2920 P-10026V-Prior to 8.7.19 7.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.19 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). Fix has been released CVE-2018-2921 P-10026V-Prior to 8.7.18 5.8 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.18 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2923 P-10026V-Prior to 8.7.20 2.3 AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.20 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 5.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L). Fix has been released CVE-2018-2924 P-10026V-Prior to 8.7.18 5.7 AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.18 Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-2925 P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.2.0 P-1479V-12.2.1.3.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.2.0 P-1479V-12.2.1.3.0 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NVIDIA-GFX Kernel driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via ISCSI to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris as well as unauthorized update, insert or delete access to some of Solaris accessible data and unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H). Fix has been released CVE-2018-2926 P-10006V-11.3 7.6 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10006V-11.3 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2927 P-10026V-Prior to 8.7.18 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.18 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RAD). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-2928 P-10006V-11.3 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10006V-11.3 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2929 P-5085V-8.55 P-5085V-8.56 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5085V-8.55 P-5085V-8.56 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-2930 P-10005V-3.3 P-10005V-4.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10005V-3.3 P-10005V-4.3 Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: SuperCluster Virtual Assistant). The supported version that is affected is Prior to 2.5.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle SuperCluster Specific Software. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SuperCluster Specific Software accessible data as well as unauthorized update, insert or delete access to some of Oracle SuperCluster Specific Software accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SuperCluster Specific Software. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H). Fix has been released CVE-2018-2932 P-10011V-Prior to 2.5.0 7.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10011V-Prior to 2.5.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. Note: Please refer to MOS document (<a href="https://support.oracle.com/rs?type=doc&id=2421480.1">Doc ID 2421480.1</a>) for instructions on how to address this issue. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2933 P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 4.9 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Fix has been released CVE-2018-2934 P-510V-12.1.3 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-510V-12.1.3 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L). Fix has been released CVE-2018-2935 P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 8.3 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Web Client). The supported version that is affected is 3.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Messaging Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Messaging Server accessible data as well as unauthorized read access to a subset of Oracle Communications Messaging Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2936 P-8501V-3.x 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8501V-3.x Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Fix has been released CVE-2018-2937 P-10026V-Prior to 8.7.19 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.19 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVE-2018-2938 addresses CVE-2018-1313. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-2938 P-856V-Java SE: 6u191 P-856V-7u181 P-856V-8u172 9.0 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-856V-Java SE: 6u191 P-856V-7u181 P-856V-8u172 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Core RDBMS accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H). Fix has been released CVE-2018-2939 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18.1 P-5V-18.2 8.4 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18.1 P-5V-18.2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2940 P-856V-Java SE: 6u191 P-856V-7u181 P-856V-8u172 P-856V-10.0.1; Java SE Embedded: 8u171 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-856V-Java SE: 6u191 P-856V-7u181 P-856V-8u172 P-856V-10.0.1; Java SE Embedded: 8u171 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-2941 P-856V-Java SE: 7u181 P-856V-8u172 P-856V-10.0.1 8.3 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-856V-Java SE: 7u181 P-856V-8u172 P-856V-10.0.1 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-2942 P-856V-Java SE: 7u181 P-856V-8u172 8.3 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-856V-Java SE: 7u181 P-856V-8u172 Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in takeover of Oracle Fusion Middleware MapViewer. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-2943 P-1215V-12.2.1.2.0 P-1215V-12.2.1.3.0 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1215V-12.2.1.2.0 P-1215V-12.2.1.3.0 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-2944 P-4781V-9.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2945 P-4781V-9.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2946 P-4781V-9.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-2947 P-4781V-9.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2948 P-4781V-9.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2949 P-4781V-9.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2950 P-4781V-9.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4781V-9.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Configuration Manager). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-2951 P-5085V-8.55 P-5085V-8.56 6.2 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5085V-8.55 P-5085V-8.56 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-2952 P-856V-Java SE: 6u191 P-856V-7u181 P-856V-8u172 P-856V-10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-856V-Java SE: 6u191 P-856V-7u181 P-856V-8u172 P-856V-10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18 Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-2953 P-1379V-12.1.1 P-1379V-12.1.2 P-1379V-12.1.3 P-1379V-12.2.3 P-1379V-12.2.4 P-1379V-12.2.5 P-1379V-12.2.6 P-1379V-12.2.7 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1379V-12.1.1 P-1379V-12.1.2 P-1379V-12.1.3 P-1379V-12.2.3 P-1379V-12.2.4 P-1379V-12.2.5 P-1379V-12.2.6 P-1379V-12.2.7 Vulnerability in the Oracle Order Management component of Oracle E-Business Suite (subcomponent: Product Diagnostic Tools). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Order Management executes to compromise Oracle Order Management. Successful attacks of this vulnerability can result in takeover of Oracle Order Management. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-2954 P-497V-12.1.1 P-497V-12.1.2 P-497V-12.1.3 P-497V-12.2.3 P-497V-12.2.4 P-497V-12.2.5 P-497V-12.2.6 P-497V-12.2.7 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-497V-12.1.1 P-497V-12.1.2 P-497V-12.1.3 P-497V-12.2.3 P-497V-12.2.4 P-497V-12.2.5 P-497V-12.2.6 P-497V-12.2.7 Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2955 P-11580V-5.5.x 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11580V-5.5.x Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). The supported version that is affected is 5.5.x. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality OPERA 5 Property Services executes to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-2956 P-11580V-5.5.x 8.1 AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11580V-5.5.x Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Logging). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-2957 P-11580V-5.5.x 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11580V-5.5.x Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). Fix has been released CVE-2018-2958 P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.2.0 P-1479V-12.2.1.3.0 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.2.0 P-1479V-12.2.1.3.0 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). The supported version that is affected is 18.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Fix has been released CVE-2018-2959 P-9011V-18.0 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9011V-18.0 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2960 P-5579V-8.4 P-5579V-15.x P-5579V-16.x P-5579V-17.x 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5579V-8.4 P-5579V-15.x P-5579V-16.x P-5579V-17.x Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2961 P-5579V-8.4 P-5579V-15.x P-5579V-16.x P-5579V-17.x 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5579V-8.4 P-5579V-15.x P-5579V-16.x P-5579V-17.x Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2962 P-5579V-8.4 P-5579V-15.x P-5579V-16.x P-5579V-17.x 4.4 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5579V-8.4 P-5579V-15.x P-5579V-16.x P-5579V-17.x Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x and 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2963 P-5579V-8.4 P-5579V-15.x P-5579V-16.x 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5579V-8.4 P-5579V-15.x P-5579V-16.x Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-2964 P-856V-Java SE: 8u172 P-856V-10.0.1 8.3 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-856V-Java SE: 8u172 P-856V-10.0.1 Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2965 P-10354V-16.x 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10354V-16.x Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data. CVSS 3.0 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). Fix has been released CVE-2018-2966 P-10354V-16.x P-10354V-17.x P-10354V-18.x 7.4 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10354V-16.x P-10354V-17.x P-10354V-18.x Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows physical access to compromise Primavera Unifier. While the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2018-2967 P-10354V-16.x P-10354V-17.x P-10354V-18.x 5.3 AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10354V-16.x P-10354V-17.x P-10354V-18.x Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). Fix has been released CVE-2018-2968 P-10354V-16.x P-10354V-17.x P-10354V-18.x 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10354V-16.x P-10354V-17.x P-10354V-18.x Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2969 P-10354V-16.x 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10354V-16.x Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2970 P-5085V-8.55 P-5085V-8.56 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5085V-8.55 P-5085V-8.56 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-2972 P-856V-Java SE: 10.0.1 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-856V-Java SE: 10.0.1 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Fix has been released CVE-2018-2973 P-856V-Java SE: 6u191 P-856V-7u181 P-856V-8u172 P-856V-10.0.1; Java SE Embedded: 8u171 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-856V-Java SE: 6u191 P-856V-7u181 P-856V-8u172 P-856V-10.0.1; Java SE Embedded: 8u171 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-2974 P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2975 P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). The supported version that is affected is 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Ops Center accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Fix has been released CVE-2018-2976 P-9835V-12.2.2 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9835V-12.2.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-2977 P-5085V-8.55 P-5085V-8.56 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5085V-8.55 P-5085V-8.56 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-2979 P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Fix has been released CVE-2018-2980 P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-2981 P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-2982 P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Gangway Activity Web App). The supported version that is affected is 9.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management System. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Fleet Management System accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-2984 P-11608V-9.x 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11608V-9.x Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2985 P-5085V-8.55 P-5085V-8.56 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5085V-8.55 P-5085V-8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2986 P-5085V-8.55 P-5085V-8.56 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5085V-8.55 P-5085V-8.56 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2987 P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Products). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-2988 P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 P-229V-12.2.3 P-229V-12.2.4 P-229V-12.2.5 P-229V-12.2.6 P-229V-12.2.7 6.9 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 P-229V-12.2.3 P-229V-12.2.4 P-229V-12.2.5 P-229V-12.2.6 P-229V-12.2.7 Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). The supported version that is affected is 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-2989 P-902V-6.2 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-902V-6.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-2990 P-5085V-8.55 P-5085V-8.56 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5085V-8.55 P-5085V-8.56 Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-2991 P-765V-12.1.1 P-765V-12.1.2 P-765V-12.1.3 P-765V-12.2.3 P-765V-12.2.4 P-765V-12.2.5 P-765V-12.2.6 P-765V-12.2.7 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-765V-12.1.1 P-765V-12.1.2 P-765V-12.1.3 P-765V-12.2.3 P-765V-12.2.4 P-765V-12.2.5 P-765V-12.2.6 P-765V-12.2.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-2992 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-2993 P-1199V-12.1.1 P-1199V-12.1.2 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1199V-12.1.1 P-1199V-12.1.2 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-2994 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 P-384V-12.2.3 P-384V-12.2.4 P-384V-12.2.5 P-384V-12.2.6 P-384V-12.2.7 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 P-384V-12.2.3 P-384V-12.2.4 P-384V-12.2.5 P-384V-12.2.6 P-384V-12.2.7 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-2995 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 P-384V-12.2.3 P-384V-12.2.4 P-384V-12.2.5 P-384V-12.2.6 P-384V-12.2.7 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 P-384V-12.2.3 P-384V-12.2.4 P-384V-12.2.5 P-384V-12.2.6 P-384V-12.2.7 Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-2996 P-99V-12.1.3 P-99V-12.2.3 P-99V-12.2.4 P-99V-12.2.5 P-99V-12.2.6 P-99V-12.2.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-99V-12.1.3 P-99V-12.2.3 P-99V-12.2.4 P-99V-12.2.5 P-99V-12.2.6 P-99V-12.2.7 Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Script Author). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Scripting accessible data as well as unauthorized update, insert or delete access to some of Oracle Scripting accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-2997 P-433V-12.1.1 P-433V-12.1.2 P-433V-12.1.3 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-433V-12.1.1 P-433V-12.1.2 P-433V-12.1.3 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: SAML). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-2998 P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.2 P-5242V-12.2.1.3 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-2999 P-4781V-9.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4781V-9.2 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2018-3000 P-11607V-8.x 7.1 AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11607V-8.x Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3001 P-11607V-8.x 6.2 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11607V-8.x Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2018-3002 P-11608V-9.x 7.1 AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11608V-9.x Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3003 P-11608V-9.x 6.2 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11608V-9.x Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2,12.2.0.1 and 18.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3004 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18.2 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-3005 P-8370V-Prior to 5.2.16 4.0 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8370V-Prior to 5.2.16 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-3006 P-4781V-9.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4781V-9.2 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2018-3007 P-5433V-12.1.1 P-5433V-12.1.3 P-5433V-12.2.2 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5433V-12.1.1 P-5433V-12.1.3 P-5433V-12.2.2 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-3008 P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3009 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3010 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-3012 P-765V-12.1.1 P-765V-12.1.2 P-765V-12.1.3 P-765V-12.2.3 P-765V-12.2.4 P-765V-12.2.5 P-765V-12.2.6 P-765V-12.2.7 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-765V-12.1.1 P-765V-12.1.2 P-765V-12.1.3 P-765V-12.2.3 P-765V-12.2.4 P-765V-12.2.5 P-765V-12.2.6 P-765V-12.2.7 Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Report Server Config). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3013 P-11580V-5.5.x 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11580V-5.5.x Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Reports). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3014 P-11580V-5.5.x 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11580V-5.5.x Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-3015 P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-3016 P-5085V-8.55 P-5085V-8.56 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5085V-8.55 P-5085V-8.56 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-3017 P-1199V-12.1.1 P-1199V-12.1.2 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1199V-12.1.1 P-1199V-12.1.2 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2018-3018 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 P-384V-12.2.3 P-384V-12.2.4 P-384V-12.2.5 P-384V-12.2.6 P-384V-12.2.7 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 P-384V-12.2.3 P-384V-12.2.4 P-384V-12.2.5 P-384V-12.2.6 P-384V-12.2.7 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-3019 P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9052V-11.3.0 P-9052V-11.4.0 P-9052V-12.0.1 P-9052V-12.0.2 P-9052V-12.0.3 P-9052V-12.1.0 P-9052V-12.2.0 P-9052V-12.3.0 P-9052V-12.4.0 P-9052V-14.0.0 P-9052V-14.1.0 Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-3020 P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3021 P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3022 P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Fix has been released CVE-2018-3023 P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-3024 P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3025 P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-3026 P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Payments accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-3027 P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-13011V-12.2.0 P-13011V-12.3.0 P-13011V-12.4.0 P-13011V-12.5.0 P-13011V-14.1.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-3028 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3029 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3030 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Fix has been released CVE-2018-3031 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-3032 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3033 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-3034 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-3035 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-3036 P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-3037 P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3038 P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3039 P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3040 P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3041 P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Fix has been released CVE-2018-3042 P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Fix has been released CVE-2018-3043 P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-3044 P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-3045 P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3046 P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3047 P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-3048 P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-3049 P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Corporate Lending accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-3050 P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12989V-12.3.0 P-12989V-12.4.0 P-12989V-12.5.0 P-12989V-14.0.0 P-12989V-14.1.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-3051 P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9100V-12.3.0 P-9100V-14.0.0 P-9100V-14.1.0 Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 10.8.x and 11.4.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Relate CRM Software. While the vulnerability is in MICROS Relate CRM Software, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Relate CRM Software accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Relate CRM Software. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L). Fix has been released CVE-2018-3052 P-11566V-10.8.x P-11566V-11.4.x 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-11566V-10.8.x P-11566V-11.4.x Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. While the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L). Fix has been released CVE-2018-3053 P-13388V-16.x P-13388V-17.x 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-13388V-16.x P-13388V-17.x Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3054 P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H). Fix has been released CVE-2018-3055 P-8370V-Prior to 5.2.16 7.1 AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8370V-Prior to 5.2.16 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3056 P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-3057 P-10026V-Prior to 8.7.18 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-10026V-Prior to 8.7.18 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Fix has been released CVE-2018-3058 P-8478V-5.5.60 and prior P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.5.60 and prior P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). Fix has been released CVE-2018-3060 P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior 6.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3061 P-8478V-5.7.22 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.7.22 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3062 P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3063 P-8478V-5.5.60 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.5.60 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). Fix has been released CVE-2018-3064 P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3065 P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-3066 P-8478V-5.5.60 and prior P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior 3.3 AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.5.60 and prior P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3067 P-8478V-8.0.11 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-8.0.11 and prior Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Compensation). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-3068 P-5071V-9.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5071V-9.2 Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). The supported version that is affected is 6.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3069 P-4445V-6.2.0.0 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-4445V-6.2.0.0 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3070 P-8478V-5.5.60 and prior P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.5.60 and prior P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3071 P-8478V-5.7.22 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.7.22 and prior Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft HRMS. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft HRMS accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3072 P-5043V-9.2 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5043V-9.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3073 P-8478V-8.0.11 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3074 P-8478V-8.0.11 and prior 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3075 P-8478V-8.0.11 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-8.0.11 and prior Vulnerability in the PeopleSoft Enterprise CS Financial Aid component of Oracle PeopleSoft Products (subcomponent: ISIR Processing). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Financial Aid accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3076 P-5178V-9.0 P-5178V-9.2 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5178V-9.0 P-5178V-9.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3077 P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3078 P-8478V-8.0.11 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3079 P-8478V-8.0.11 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-3080 P-8478V-8.0.11 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-8.0.11 and prior Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). Fix has been released CVE-2018-3081 P-8478V-5.5.60 and prior P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior 5.0 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-5.5.60 and prior P-8478V-5.6.40 and prior P-8478V-5.7.22 and prior P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3082 P-8478V-8.0.11 and prior 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-8.0.11 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-3084 P-8478V-8.0.11 and prior 2.8 AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8478V-8.0.11 and prior Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H). Fix has been released CVE-2018-3085 P-8370V-Prior to 5.2.16 8.5 AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8370V-Prior to 5.2.16 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-3086 P-8370V-Prior to 5.2.16 8.6 AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8370V-Prior to 5.2.16 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-3087 P-8370V-Prior to 5.2.16 8.6 AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8370V-Prior to 5.2.16 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-3088 P-8370V-Prior to 5.2.16 8.6 AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8370V-Prior to 5.2.16 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-3089 P-8370V-Prior to 5.2.16 8.6 AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8370V-Prior to 5.2.16 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-3090 P-8370V-Prior to 5.2.16 8.6 AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8370V-Prior to 5.2.16 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N). Fix has been released CVE-2018-3091 P-8370V-Prior to 5.2.16 6.3 AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-8370V-Prior to 5.2.16 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3092 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3093 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3094 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3095 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3096 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3097 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3098 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3099 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-3100 P-5325V-11.1.1.7.0 P-5325V-11.1.1.9.0 P-5325V-12.1.3.0.0 P-5325V-12.2.1.2.0 P-5325V-12.2.1.3.0 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5325V-11.1.1.7.0 P-5325V-11.1.1.9.0 P-5325V-12.1.3.0.0 P-5325V-12.2.1.2.0 P-5325V-12.2.1.3.0 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3101 P-1696V-11.1.1.9.0 P-1696V-12.2.1.2.0 P-1696V-12.2.1.3.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1696V-11.1.1.9.0 P-1696V-12.2.1.2.0 P-1696V-12.2.1.3.0 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3102 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3103 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Fix has been released CVE-2018-3104 P-2276V-8.5.3 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-2276V-8.5.3 Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Health Care FastPath). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle SOA Suite accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3105 P-1162V-11.1.1.7.0 P-1162V-11.1.1.9.0 P-1162V-12.1.3.0.0 P-1162V-12.2.1.2.0 P-1162V-12.2.1.3.0 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1162V-11.1.1.7.0 P-1162V-11.1.1.9.0 P-1162V-12.1.3.0.0 P-1162V-12.2.1.2.0 P-1162V-12.2.1.3.0 Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3108 P-1032V-12.2.1.2 P-1032V-12.2.1.3 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1032V-12.2.1.2 P-1032V-12.2.1.3 Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3109 P-1215V-12.2.1.2 P-1215V-12.2.1.3 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1215V-12.2.1.2 P-1215V-12.2.1.3 Vulnerability in the Enterprise Manager for Virtualization component of Oracle Enterprise Manager Products Suite (subcomponent: Plug-In Lifecycle (jackson-databind)). Supported versions that are affected are 13.2.2 and 13.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Virtualization. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Virtualization. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-7489 P-9586V-13.2.2 P-9586V-13.2.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-9586V-13.2.2 P-9586V-13.2.3 Vulnerability in the Oracle Global Lifecycle Management OPatchAuto component of Oracle Global Lifecycle Management (subcomponent: DB specific extensions (jackson-databind)). The supported version that is affected is All. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Global Lifecycle Management OPatchAuto. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management OPatchAuto. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-7489 P-12752V-All 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-12752V-All Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Security Framework (jackson-databind)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-7489 P-1696V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1696V-12.2.1.3.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console (jackson-databind)). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-7489 P-5242V-12.2.1.2 P-5242V-12.2.1.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5242V-12.2.1.2 P-5242V-12.2.1.3 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Link Analysis and Metadata browser (Apache Batik)). Supported versions that are affected are 7.3.3.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. Note: Please refer MOS document (<a href="https://support.oracle.com/rs?type=doc&id=2380553.1">Doc ID 2380553.1)</a> for applicability across other Oracle Financial Services products. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-8013 P-5680V-7.3.3.x P-5680V-8.0.x 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-5680V-7.3.3.x P-5680V-8.0.x Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Install (Apache Batik)). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Fusion Middleware MapViewer. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-8013 P-1215V-12.2.1.2 P-1215V-12.2.1.3 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2018 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2018.html P-1215V-12.2.1.2 P-1215V-12.2.1.3