Oracle Critical Patch Update Advisory - July 2012 - BETA ORACLE CVRF Oracle Critical Patch Update Advisory CPUJul2012 Final 1.0 1.0 2012-07-17T13:00:00-07:00 Initial Distribution 2012-07-17T13:00:00-07:00 2012-07-17T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1695912.xml https://www.oracle.com/security-alerts/cpujul2012.html URL to html version of Advisory Alexander Kornbrust Red Database Security Christian Schneider Christian Schneider Daniel Bradley Postal Options Limited Deniz Cevik Biznet Dennis Yurichev Dennis Yurichev Enrico Milanese Emaze Networks S.p.A Esteban Martinez Fayo Application Security, Inc. Francis Provencher Secunia Research Jens Elkner Otto-von-Guericke University Joe Moore Pentest Limited Martin Carpenter Citco Microsoft Vulnerability Research Microsoft Corp Mike Gerdts Mike Gerdts Ofer Maor Hacktics Paul Harrington NGS Secure Paul Ritchie NGS Secure Sami Piiroinen Louhi Security Oy Stephen Kost Integrigy Steven Seeley Corelan Team Will Dormann CERT/CC Application Express Listener Version 1.1-ea Application Express Listener Version 1.1.1 Application Express Listener Version 1.1.2 Application Express Listener Version 1.1.3 Oracle Database Version 11.1.0.7 Oracle Database Version 11.2.0.2 Oracle Database Version 11.2.0.3 Advanced Networking Option Version 10.2.0.3 Advanced Networking Option Version 10.2.0.4 Advanced Networking Option Version 10.2.0.5 Advanced Networking Option Version 11.1.0.7 Advanced Networking Option Version 11.2.0.2 Advanced Networking Option Version 11.2.0.3 Oracle E-Business Intelligence Version 11.5.10.2 Oracle E-Business Intelligence Version 12.0.4 Oracle E-Business Intelligence Version 12.0.6 Oracle E-Business Intelligence Version 12.1.1 Oracle E-Business Intelligence Version 12.1.2 Oracle E-Business Intelligence Version 12.1.3 Oracle Application Object Library Version 11.5.10.2 Oracle Application Object Library Version 12.0.4 Oracle Application Object Library Version 12.0.6 Oracle Application Object Library Version 12.1.1 Oracle Application Object Library Version 12.1.2 Oracle Application Object Library Version 12.1.3 Enterprise Manager for Oracle Database Version EM Base Platform 10.2.0.5 Enterprise Manager for Oracle Database Version EM Base Platform 11.1.0.1 Enterprise Manager for Oracle Database Version EM Plugin for DB 12.1.0.1 Enterprise Manager for Oracle Database Version EM Plugin for DB 12.1.0.2 Portal Version - Oracle HTTP Server Version 10.1.3.5 Oracle HTTP Server Version 11.1.1.5 Oracle HTTP Server Version 11.1.1.6 Oracle HTTP Server Version 11.1.2.0 Oracle 9iAS MapViewer Version 10.1.3.1 Oracle 9iAS MapViewer Version 11.1.1.5 Oracle 9iAS MapViewer Version 11.1.1.6 Enterprise Manager for iAS Version 10.1.3.5 Oracle Outside In Technology Version 8.3.5 Oracle Outside In Technology Version 8.3.7 Oracle JRockit Version 27.7.2 and before: JKD/JRE 5 and 6 Oracle JRockit Version 28.2.3 and before: JDK/JRE 5 and 6 Hyperion BI+ Version 11.1.1.3 and earlier Oracle Clinical RDC Option Version 4.6.0.x Oracle Clinical RDC Option Version 4.6.2 Oracle Clinical RDC Option Version 4.6.3 MySQL Server Version 5.1.62 and earlier MySQL Server Version 5.5.22 and earlier MySQL Server Version 5.5.23 and earlier PeopleSoft Enterprise HRMS Candidate Gateway Version 9.0.20 PeopleSoft Enterprise HRMS Candidate Gateway Version 9.1 PeopleSoft Enterprise HRMS ePerformance Version 9.0.20 PeopleSoft Enterprise PT PeopleTools Version 8.50 PeopleSoft Enterprise PT PeopleTools Version 8.51 PeopleSoft Enterprise PT PeopleTools Version 8.52 Oracle Secure Backup Version 10.3.0.3 Oracle Secure Backup Version 10.4.0.1 Siebel UI Framework Version 8.1.1 Siebel UI Framework Version 8.2.2 Oracle GlassFish Server Version 3.0.1 Oracle GlassFish Server Version 3.1.1 Oracle iPlanet Web Server Version Java System Web Server 6.1 Oracle iPlanet Web Server Version Oracle iPlanet Web Server 7.0 Solaris Products Version 10 Solaris Products Version 11 Solaris Products Version 3.3 Solaris Products Version 8 Solaris Products Version 9 Solaris Products Version System Firmware 8.1.4.e or earlier Solaris Products Version System Firmware 8.2.0 Transportation Management Version 5.5.06 Transportation Management Version 6.0 Transportation Management Version 6.1 Transportation Management Version 6.2 Oracle AutoVue Electro-Mechanical Professional Version 20.0.2 Oracle AutoVue Electro-Mechanical Professional Version 20.1 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). Fix has been released CVE-2001-0323 P-8752V-8 P-8752V-9 P-8752V-10 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-8 P-8752V-9 P-8752V-10 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9 and 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). Fix has been released CVE-2008-4609 P-8752V-8 P-8752V-9 P-8752V-10 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-8 P-8752V-9 P-8752V-10 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Library/libc). Supported versions that are affected are 9 and 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2011-0419 P-8752V-9 P-8752V-10 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-9 P-8752V-10 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via IPv6. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2011-2699 P-8752V-8 P-8752V-9 P-8752V-10 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-8 P-8752V-9 P-8752V-10 Vulnerability in the Apache component of Oracle Secure Backup. Supported versions that are affected are 10.3.0.3 and 10.4.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2011-3192 P-1522V-10.3.0.3 P-1522V-10.4.0.1 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1522V-10.3.0.3 P-1522V-10.4.0.1 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 10.1.3.5, 11.1.1.5 and 11.1.2.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2011-3368 P-1042V-10.1.3.5 P-1042V-11.1.1.5 P-1042V-11.1.2.0 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1042V-10.1.3.5 P-1042V-11.1.1.5 P-1042V-11.1.2.0 Vulnerability in the Portal component of Oracle Fusion Middleware. For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Portal accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2011-3562 P-96V-- 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-96V-- Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 10.1.3.5, 11.1.1.5, 11.1.1.6 and 11.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data. Note: This also addresses the vulnerabilities of CVE-2011-3607, CVE-2012-0021, CVE-2012-0031 and CVE-2012-0053. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2011-4317 P-1042V-10.1.3.5 P-1042V-11.1.1.5 P-1042V-11.1.1.6 P-1042V-11.1.2.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1042V-10.1.3.5 P-1042V-11.1.1.5 P-1042V-11.1.1.6 P-1042V-11.1.2.0 Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: JSF). Supported versions that are affected are 3.0.1 and 3.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some GlassFish Enterprise Server accessible data as well as read access to a subset of GlassFish Enterprise Server accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2011-4358 P-8493V-3.0.1 P-8493V-3.1.1 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8493V-3.0.1 P-8493V-3.1.1 Vulnerability in the PHP component of Oracle Secure Backup. Supported versions that are affected are 10.3.0.3 and 10.4.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PHP. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2011-4885 P-1522V-10.3.0.3 P-1522V-10.4.0.1 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1522V-10.3.0.3 P-1522V-10.4.0.1 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.1.62 and earlier and 5.5.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-0540 P-8478V-5.1.62 and earlier P-8478V-5.5.23 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8478V-5.1.62 and earlier P-8478V-5.5.23 and earlier Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kerberos/klist). Supported versions that are affected are 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-0563 P-8752V-9 P-8752V-10 P-8752V-11 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-9 P-8752V-10 P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Logical Domains (LDOM)). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data. CVSS Base Score 5.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:C). Fix has been released CVE-2012-1687 P-8752V-10 P-8752V-11 5.6 AV:L/AC:L/Au:N/C:N/I:P/A:C CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-10 P-8752V-11 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.62 and earlier and 5.5.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-1689 P-8478V-5.1.62 and earlier P-8478V-5.5.22 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8478V-5.1.62 and earlier P-8478V-5.5.22 and earlier Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: HTML Pages). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-1715 P-510V-11.5.10.2 P-510V-12.0.6 P-510V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-510V-11.5.10.2 P-510V-12.0.6 P-510V-12.1.3 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Document Repository). Supported versions that are affected are 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-1727 P-510V-11.5.10.2 P-510V-12.0.4 P-510V-12.0.6 P-510V-12.1.1 P-510V-12.1.2 P-510V-12.1.3 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-510V-11.5.10.2 P-510V-12.0.4 P-510V-12.0.6 P-510V-12.1.1 P-510V-12.1.2 P-510V-12.1.3 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Portal Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data as well as read access to a subset of Siebel CRM accessible data. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Fix has been released CVE-2012-1728 P-9011V-8.1.1 P-9011V-8.2.2 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-9011V-8.1.1 P-9011V-8.2.2 Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). Supported versions that are affected are 11.1.1.3 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion BI+ accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-1729 P-4361V-11.1.1.3 and earlier 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-4361V-11.1.1.3 and earlier Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Password Management). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-1730 P-510V-11.5.10.2 P-510V-12.0.6 P-510V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-510V-11.5.10.2 P-510V-12.0.6 P-510V-12.1.3 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Web UI). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data as well as read access to a subset of Siebel CRM accessible data and ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-1731 P-9011V-8.1.1 P-9011V-8.2.2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-9011V-8.1.1 P-9011V-8.2.2 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1732 P-9011V-8.1.1 P-9011V-8.2.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-9011V-8.1.1 P-9011V-8.2.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: CM). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1733 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.62 and earlier and 5.5.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-1734 P-8478V-5.1.62 and earlier P-8478V-5.5.23 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8478V-5.1.62 and earlier P-8478V-5.5.23 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2012-1735 P-8478V-5.5.23 and earlier 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8478V-5.5.23 and earlier Vulnerability in the Oracle MapViewer component of Oracle Fusion Middleware (subcomponent: Oracle Maps). The supported version that is affected is 10.1.3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle MapViewer accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2012-1736 P-1215V-10.1.3.1 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1215V-10.1.3.1 Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: DB Performance Advisories/UIs). Supported versions that are affected are EM Base Platform 10.2.0.5, EM Base Platform 11.1.0.1, EM Plugin for DB 12.1.0.1 and EM Plugin for DB 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Oracle Database accessible data as well as read access to a subset of Enterprise Manager for Oracle Database accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-1737 P-1366V-EM Base Platform 10.2.0.5 P-1366V-EM Base Platform 11.1.0.1 P-1366V-EM Plugin for DB 12.1.0.1 P-1366V-EM Plugin for DB 12.1.0.2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1366V-EM Base Platform 10.2.0.5 P-1366V-EM Base Platform 11.1.0.1 P-1366V-EM Plugin for DB 12.1.0.1 P-1366V-EM Plugin for DB 12.1.0.2 Vulnerability in the Oracle iPlanet Web Server component of Oracle Sun Products Suite (subcomponent: Web Server). Supported versions that are affected are Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle iPlanet Web Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-1738 P-8543V-Java System Web Server 6.1 P-8543V-Oracle iPlanet Web Server 7.0 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8543V-Java System Web Server 6.1 P-8543V-Oracle iPlanet Web Server 7.0 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Financials Business Intelligence). Supported versions that are affected are 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle E-Business Intelligence accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-1739 P-163V-11.5.10.2 P-163V-12.0.4 P-163V-12.0.6 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-163V-11.5.10.2 P-163V-12.0.4 P-163V-12.0.6 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 Vulnerability in the Oracle Application Express Listener component of Oracle Application Express Listener. Supported versions that are affected are 1.1-ea, 1.1.1, 1.1.2 and 1.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. Note: The CVSS Base Score is 7.8 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 5.0, and the impact for Confidentiality is Partial+. Application Express Listener is an Oracle product that is independent of Application Express, is not part of the Application Express distribution and can only be obtained via OTN downloads. It is used as an alternative method of providing TLS protected communication between Application Express and clients. Only those customers that have chosen to download and install this separate application need to apply this patch. CVSS Base Score 7.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). Fix has been released CVE-2012-1740 P-9456V-1.1-ea P-9456V-1.1.1 P-9456V-1.1.2 P-9456V-1.1.3 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-9456V-1.1-ea P-9456V-1.1.1 P-9456V-1.1.2 P-9456V-1.1.3 Vulnerability in the Enterprise Manager for Fusion Middleware component of Oracle Fusion Middleware (subcomponent: User Administration Pages). The supported version that is affected is 10.1.3.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Fusion Middleware accessible data as well as read access to a subset of Enterprise Manager for Fusion Middleware accessible data. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Fix has been released CVE-2012-1741 P-1369V-10.1.3.5 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1369V-10.1.3.5 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1742 P-9011V-8.1.1 P-9011V-8.2.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-9011V-8.1.1 P-9011V-8.2.2 Vulnerability in the Oracle Clinical Remote Data Capture Option component of Oracle Industry Applications (subcomponent: HTML Surround). Supported versions that are affected are 4.6.0.x, 4.6.2 and 4.6.3. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Clinical Remote Data Capture Option accessible data. CVSS Base Score 2.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:M/C:P/I:N/A:N). Fix has been released CVE-2012-1743 P-1041V-4.6.0.x P-1041V-4.6.2 P-1041V-4.6.3 2.8 AV:N/AC:M/Au:M/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1041V-4.6.0.x P-1041V-4.6.2 P-1041V-4.6.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1744 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Network Layer component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Network Layer. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-1745 P-219V-10.2.0.3 P-219V-10.2.0.4 P-219V-10.2.0.5 P-219V-11.1.0.7 P-219V-11.2.0.2 P-219V-11.2.0.3 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-219V-10.2.0.3 P-219V-10.2.0.4 P-219V-10.2.0.5 P-219V-11.1.0.7 P-219V-11.2.0.2 P-219V-11.2.0.3 Vulnerability in the Network Layer component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Network Layer. Note: The vulnerability affects Microsoft Windows platforms only. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-1746 P-219V-10.2.0.3 P-219V-10.2.0.4 P-219V-10.2.0.5 P-219V-11.1.0.7 P-219V-11.2.0.2 P-219V-11.2.0.3 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-219V-10.2.0.3 P-219V-10.2.0.4 P-219V-10.2.0.5 P-219V-11.1.0.7 P-219V-11.2.0.2 P-219V-11.2.0.3 Vulnerability in the Network Layer component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Network Layer. Note: The vulnerability affects Microsoft Windows platforms only. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-1747 P-219V-10.2.0.3 P-219V-10.2.0.4 P-219V-10.2.0.5 P-219V-11.1.0.7 P-219V-11.2.0.2 P-219V-11.2.0.3 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-219V-10.2.0.3 P-219V-10.2.0.4 P-219V-10.2.0.5 P-219V-11.1.0.7 P-219V-11.2.0.2 P-219V-11.2.0.3 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1748 P-5043V-9.1 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5043V-9.1 Vulnerability in the Oracle MapViewer component of Oracle Fusion Middleware (subcomponent: Oracle Maps). Supported versions that are affected are 10.1.3.1 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle MapViewer accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2012-1749 P-1215V-10.1.3.1 P-1215V-11.1.1.5 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1215V-10.1.3.1 P-1215V-11.1.1.5 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: mailx(1)). Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-1750 P-8752V-8 P-8752V-9 P-8752V-10 P-8752V-11 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-8 P-8752V-9 P-8752V-10 P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/NFS). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-1752 P-8752V-11 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-11 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PC). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized read access to all PeopleSoft Enterprise PeopleTools accessible data as well as update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data and ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 5.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:M/C:P+/I:P/A:P). Fix has been released CVE-2012-1753 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 5.4 AV:N/AC:M/Au:M/C:P/I:P/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1754 P-9011V-8.1.1 P-9011V-8.2.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-9011V-8.1.1 P-9011V-8.2.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.5.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-1756 P-8478V-5.5.23 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8478V-5.5.23 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-1757 P-8478V-5.5.23 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8478V-5.5.23 and earlier Vulnerability in the Oracle AutoVue component of Oracle Supply Chain Products Suite. Supported versions that are affected are 20.0.2 and 20.1. Easily exploitable vulnerability allows successful authenticated network attacks via File. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle AutoVue. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Fix has been released CVE-2012-1758 P-4453V-20.0.2 P-4453V-20.1 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-4453V-20.0.2 P-4453V-20.1 Vulnerability in the Oracle AutoVue component of Oracle Supply Chain Products Suite. Supported versions that are affected are 20.0.2 and 20.1. Easily exploitable vulnerability allows successful authenticated network attacks via File. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle AutoVue . CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Fix has been released CVE-2012-1759 P-4453V-20.0.2 P-4453V-20.1 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-4453V-20.0.2 P-4453V-20.1 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-1760 P-9011V-8.1.1 P-9011V-8.2.2 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-9011V-8.1.1 P-9011V-8.2.2 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-1761 P-9011V-8.1.1 P-9011V-8.2.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-9011V-8.1.1 P-9011V-8.2.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: TECH). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-1762 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MCF). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-1764 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Branded Zone). The supported version that is affected is 10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location. CVSS Base Score 4.7 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:C/A:N). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:C/A:N). Fix has been released CVE-2012-1765 P-8752V-10 4.7 AV:L/AC:M/Au:N/C:N/I:C/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-10 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1766 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1767 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1768 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1769 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1770 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1771 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1772 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1773 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3106 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3107 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3108 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3109 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.7 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3110 P-2276V-8.3.5 P-2276V-8.3.7 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-2276V-8.3.5 P-2276V-8.3.7 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: TECH). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P+/A:N). Fix has been released CVE-2012-3111 P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5085V-8.50 P-5085V-8.51 P-5085V-8.52 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Solaris Management Console). The supported version that is affected is 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3112 P-8752V-10 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-10 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: EPERF). The supported version that is affected is 9.0.20. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-3113 P-5050V-9.0.20 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5050V-9.0.20 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite. Supported versions that are affected are 5.5.06, 6.0, 6.1 and 6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Transportation Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3114 P-1991V-5.5.06 P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1991V-5.5.06 P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 Vulnerability in the Oracle MapViewer component of Oracle Fusion Middleware (subcomponent: Install). Supported versions that are affected are 10.1.3.1, 11.1.1.5 and 11.1.1.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle MapViewer accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3115 P-1215V-10.1.3.1 P-1215V-11.1.1.5 P-1215V-11.1.1.6 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1215V-10.1.3.1 P-1215V-11.1.1.5 P-1215V-11.1.1.6 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite. Supported versions that are affected are 5.5.06, 6.0, 6.1 and 6.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-3116 P-1991V-5.5.06 P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1991V-5.5.06 P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite. Supported versions that are affected are 5.5.06, 6.0, 6.1 and 6.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3117 P-1991V-5.5.06 P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-1991V-5.5.06 P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 Vulnerability in the PeoleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PANPROC). The supported version that is affected is 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeoleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3118 P-5085V-8.52 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5085V-8.52 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.0.20. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP . Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-3119 P-5043V-9.0.20 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5043V-9.0.20 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). The supported version that is affected is 8. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-3120 P-8752V-8 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-8 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: in.tnamed(1M)). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via NameServer. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3121 P-8752V-9 P-8752V-10 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-9 P-8752V-10 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: sort(1)). Supported versions that are affected are 8 and 9. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. CVSS Base Score 2.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:N). Fix has been released CVE-2012-3122 P-8752V-8 P-8752V-9 2.6 AV:L/AC:H/Au:N/C:P/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-8 P-8752V-9 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Apache HTTP Server). The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-3123 P-8752V-10 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-10 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/KSSL). The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3124 P-8752V-10 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-10 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9 and 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-3125 P-8752V-8 P-8752V-9 P-8752V-10 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-8 P-8752V-9 P-8752V-10 Vulnerability in the Solaris Cluster component of Oracle Sun Products Suite (subcomponent: Apache Tomcat Agent). The supported version that is affected is 3.3. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-3126 P-8752V-3.3 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-3.3 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: SCTP(7P)). The supported version that is affected is 10. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SCTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 5.4 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:C). Fix has been released CVE-2012-3127 P-8752V-10 5.4 AV:N/AC:H/Au:N/C:N/I:N/A:C CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-10 Vulnerability in the SPARC T-Series Servers component of Oracle Sun Products Suite (subcomponent: Integrated Lights Out Manager). Supported versions that are affected are System Firmware 8.1.4.e or earlier and System Firmware 8.2.0. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SPARC T-Series Servers accessible data as well as read access to a subset of SPARC T-Series Servers accessible data and ability to cause a partial denial of service (partial DOS) of SPARC T-Series Servers. Note: CVE-2012-3128: Specific server products affected are: SPARC T4-1, SPARC T4-1B, SPARC T4-2, SPARC T4-4, Netra SPARC T4-1, Netra SPARC T4-1B, Netra SPARC T4-2, SPARC T3-1, SPARC T3-1B, SPARC T3-2, SPARC T3-4, Netra SPARC T3-1, Netra SPARC T3-1B. CVSS Base Score 3.7 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-3128 P-8752V-System Firmware 8.1.4.e or earlier P-8752V-System Firmware 8.2.0 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-System Firmware 8.1.4.e or earlier P-8752V-System Firmware 8.2.0 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Gnome PDF viewer). The supported version that is affected is 10. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Fix has been released CVE-2012-3129 P-8752V-10 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-10 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: pkg.depotd(1M)). The supported version that is affected is 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3130 P-8752V-11 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Network/NFS). Supported versions that are affected are 9, 10 and 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via NFS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-3131 P-8752V-9 P-8752V-10 P-8752V-11 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-8752V-9 P-8752V-10 P-8752V-11 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-3134 P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5V-11.1.0.7 P-5V-11.2.0.2 P-5V-11.2.0.3 Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are 28.2.3 and before: JDK/JRE 5 and 6 and 27.7.2 and before: JKD/JRE 5 and 6. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Oracle released a Java SE Critical Patch Update in June 2012 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2012-3135 refers to the advisories that were applicable to JRockit from the Java SE Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all vulnerabilities addressed in JRockit under CVE-2012-3135 is as follows: CVE-2012-1713, CVE-2012-1724, CVE-2012-1718, CVE-2012-1717, and CVE-2012-1720. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2012-3135 P-5260V-28.2.3 and before: JDK/JRE 5 and 6 P-5260V-27.7.2 and before: JKD/JRE 5 and 6 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJul2012 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2012.html P-5260V-28.2.3 and before: JDK/JRE 5 and 6 P-5260V-27.7.2 and before: JKD/JRE 5 and 6