Oracle Critical Patch Update Advisory - January 2014 - Beta Oracle CVRF Oracle Critical Patch Update Advisory CPUJan2014 Final 1.0 1.0 2014-01-14T13:00:00-07:00 Initial Distribution 2014-01-14T13:00:00-07:00 2014-01-14T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1932653.xml https://www.oracle.com/security-alerts/cpujan2014.html URL to html version of Advisory Abdullah Hussam Gazi Abdullah Hussam Gazi Adam Willard Foreground Security Alexander Kornbrust Red Database Security Alexey Tyurin ERPScan (Digital Security Research Group) Ali Hasan Ghauri Ali Hasan Ghauri Ali Hussein Ali Hussein Anand Tiwari Anand Tiwari Arseniy Akuney TELUS Security Labs Ben Khlifa Fahmi Ben Khlifa Fahmi Cam Beasley Information Security Office for the Univ. of Texas at Austin Carlo Di Dato iDefense Christopher Meyer Ruhr-University Bochum Daniel EkBerg Kentor AB Sweden Dibyendu Sikdar Dibyendu Sikdar Esteban Martinez Fayo Application Security, Inc. Fernando Muñoz Fernando Muñoz Griffin Francis Griffin Francis James Pearson James Pearson Jeffrey Apple John Leitch HP DVLabs Johnathan Simon Johnathan Simon Joseph Sheridan Reactionis Juraj Somorovsky Ruhr-University Bochum Kevin Stadmeyer for Maarten Van Horenbeeck Google Koutrouss Naddara Kotros Nadara Matthew Daley Matthew Daley Moez Roy Moez Roy Mohammed Osman Mohammed Osman Muhammad Talha Khan Muhammad Talha Khan Oliver Gruskovnjak Portcullis Inc Osanda Malith Jayathissa Osanda Malith Jayathissa Owais Mohammad Khan Owais Mohammad Khan Peter Jaric Peter Jaric Rafay Baloch Rafay Baloch Rakesh Singh Zero Day Guys Sam Thomas Pentest Limited Sebastian Schinzel University of Applied Sciences Münster Sky_BlaCk Sky_BlaCk Sunil Dadhich Sunil Dadhich Suraj Radhakrishnan Suraj Radhakrishnan Tanel Poder Tanel Poder Tor Erling Bjorstad Tor Erling Bjorstad Vishnu Patel Vishnu Patel Will Dormann CERT/CC Yash Kadakia Security Brigade Yuki Chen Trend Micro Oracle Database Version 11.1.0.7 Oracle Database Version 11.2.0.3 Oracle Database Version 11.2.0.4 Oracle Database Version 12.1.0.1 Spatial and Graph Version 11.1.0.7 Spatial and Graph Version 11.2.0.3 Spatial and Graph Version 11.2.0.4 Spatial and Graph Version 12.1.0.1 Payroll Version 11.5.10.2 Payroll Version 12.0.6 Payroll Version 12.1.1 Payroll Version 12.1.2 Payroll Version 12.1.3 Payroll Version 12.2.2 Application Object Library Version 11.5.10.2 Application Object Library Version 12.0.6 Application Object Library Version 12.1.3 Application Object Library Version 12.2.2 Applications Framework Version 11.5.10.2 Applications Framework Version 12.0.6 Applications Framework Version 12.1.3 Applications Framework Version 12.2.2 FLEXCUBE Private Banking Version 1.7 FLEXCUBE Private Banking Version 12.0.1 FLEXCUBE Private Banking Version 12.0.2 FLEXCUBE Private Banking Version 2.0 FLEXCUBE Private Banking Version 2.0.1 FLEXCUBE Private Banking Version 2.2.0.1 FLEXCUBE Private Banking Version 3.0 Portal Version 11.1.1.6 Reports Developer Version 11.1.1.6 Reports Developer Version 11.1.1.7 Reports Developer Version 11.1.2.1 Internet Directory Version 11.1.1.6 Internet Directory Version 11.1.1.7 HTTP Server Version 11.1.1.7.0 HTTP Server Version 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 HTTP Server Version 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 Fusion Middleware: 10.1.3.5.0 HTTP Server Version 12.1.2.0 Oracle Forms and Reports: 11.1.2.1 HTTP Server Version OHS: 11.1.1.6.0 WebCenter Portal Version 11.1.1.6.0 WebCenter Portal Version 11.1.1.7.0 WebCenter Portal Version 11.1.1.8.0 Identity Manager Version 11.1.1.5 Identity Manager Version 11.1.1.7 Identity Manager Version 11.1.2.0 Identity Manager Version 11.1.2.1 Outside In Technology Version 8.4.0 Outside In Technology Version 8.4.1 GlassFish Server Version 8.2 GlassFish Server Version GlassFish Enterprise Server 2.1.1 GlassFish Server Version Sun Java Application Server 8.1 iPlanet Web Proxy Server Version 4.0 iPlanet Web Server Version 6.1 iPlanet Web Server Version 7.0 Traffic Director Version 11.1.1.6 Traffic Director Version 11.1.1.7 Enterprise Data Quality Version 8.1 Enterprise Data Quality Version 9.0.8 WebCenter Sites Version 11.1.1.6.1 WebCenter Sites Version 11.1.1.8.0 Hyperion Essbase Administration Services Version 11.1.2.1 Hyperion Essbase Administration Services Version 11.1.2.2 Hyperion Essbase Administration Services Version 11.1.2.3 Hyperion Strategic Finance Version 11.1.2.1 Hyperion Strategic Finance Version 11.1.2.2 Java Version JRockit R27.7.7 Java Version JRockit R28.2.9 Java Version Java SE 5.0u55 Java Version Java SE 6u65 Java Version Java SE 7u45 Java Version Java SE 7u45 on Firefox Java Version Java SE 7u45 on OS X Java Version Java SE Embedded 7u45 Java Version JavaFX 2.2.45 MySQL Server Version 5.1.71 and earlier MySQL Server Version 5.1.72 and earlier MySQL Server Version 5.5.33 and earlier MySQL Server Version 5.5.34 and earlier MySQL Server Version 5.6.13 and earlier MySQL Server Version 5.6.14 and earlier MySQL Enterprise Monitor Version 2.3.14 and earlier MySQL Enterprise Monitor Version 3.0.4 and earlier PeopleSoft Enterprise HRMS eProfile Manager Desktop Version 9.1 PeopleSoft Enterprise HRMS eProfile Manager Desktop Version 9.2 PeopleSoft Enterprise HRMS Human Resources Version 9.1 PeopleSoft Enterprise HRMS Human Resources Version 9.2 PeopleSoft Enterprise PT PeopleTools Version 8.52 PeopleSoft Enterprise PT PeopleTools Version 8.53 PeopleSoft Enterprise SCM Services Procurement Version 9.2 PeopleSoft Enterprise CC Common Application Objects Version 9.1 PeopleSoft Enterprise CC Common Application Objects Version 9.2 Siebel Core - EAI Version 8.1.1 Siebel Core - EAI Version 8.2.2 Siebel Life Sciences Version 8.1.1 Siebel Life Sciences Version 8.2.2 Transportation Management Version 6.0 Transportation Management Version 6.1 Transportation Management Version 6.2 Transportation Management Version 6.3 Transportation Management Version 6.3.1 Transportation Management Version 6.3.2 Demantra Demand Management Version 12.2.0 Demantra Demand Management Version 12.2.1 Demantra Demand Management Version 12.2.2 Demantra Demand Management Version 12.2.3 Demantra Demand Management Version 7.2.0.3 SQL-Server Demantra Demand Management Version 7.3.0 Demantra Demand Management Version 7.3.0.x Demantra Demand Management Version 7.3.1 Demantra Demand Management Version 7.3.1.x Agile Product Lifecycle Management for Process Version 6.0 Agile Product Lifecycle Management for Process Version 6.1 Agile Product Lifecycle Management for Process Version 6.1.1 AutoVue Electro-Mechanical Professional Version 20.1.1 Oracle VM VirtualBox Version 4.0.22 Oracle VM VirtualBox Version 4.1.30 Oracle VM VirtualBox Version 4.2.20 Oracle VM VirtualBox Version 4.2.22 Oracle VM VirtualBox Version 4.3.4 Oracle VM VirtualBox Version 4.3.6 Oracle VM VirtualBox Version VirtualBox prior to 3.2.20 Secure Global Desktop Version 4.71 Secure Global Desktop Version 5.0 with December 2013 PSU Secure Global Desktop Version 5.10 Secure Global Desktop Version SGD prior to 4.63 with December 2013 PSU Secure Global Desktop Version SGD prior to 4.71 with December 2013 PSU Secure Global Desktop Version SGD prior to SGD 4.63 with December 2013 PSU Solaris Operating System Version 10 Solaris Operating System Version 11.1 Solaris Operating System Version 8 Solaris Operating System Version 9 iLearning Version 6.0 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Localization (L10N)). Supported versions that are affected are 8 and 9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies only when Solaris is running on SPARC platform. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2003-1067 P-10006V-8 P-10006V-9 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-8 P-10006V-9 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are OHS: 11.1.1.6.0 and 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data as well as read access to a subset of Oracle HTTP Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. Note: This fix also addresses CVE-2007-0008. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2007-0009 P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are OHS: 11.1.1.6.0 and 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). Fix has been released CVE-2007-1858 P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are OHS: 11.1.1.6.0 and 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data. Note: This fix also addresses CVE-2012-4558. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3499 P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Application Server). Supported versions that are affected are 6.0, 6.1, 6.2, 6.3, 6.3.1 and 6.3.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3544 P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 P-1991V-6.3 P-1991V-6.3.1 P-1991V-6.3.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 P-1991V-6.3 P-1991V-6.3.1 P-1991V-6.3.2 Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are SGD prior to 4.63 with December 2013 PSU and 4.71. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop (SGD). CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3544 P-8539V-SGD prior to 4.63 with December 2013 PSU P-8539V-4.71 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8539V-SGD prior to 4.63 with December 2013 PSU P-8539V-4.71 Vulnerability in the Oracle Enterprise Data Quality component of Oracle Fusion Middleware (subcomponent: Internal Operations). Supported versions that are affected are 8.1 and 9.0.8. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Data Quality. Note: Please refer to Doc ID <A HREF="http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1595538.1">My Oracle Support Note 1595538.1</a> for instructions on how to address this issue. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3544 P-9464V-8.1 P-9464V-9.0.8 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-9464V-8.1 P-9464V-9.0.8 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are OHS: 11.1.1.6.0 and 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. Note: This fix also addresses CVE-2006-0998 and CVE-2006-0999. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-4605 P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are GlassFish Enterprise Server 2.1.1, Sun Java Application Server 8.1 and 8.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-1620 P-8493V-GlassFish Enterprise Server 2.1.1 P-8493V-Sun Java Application Server 8.1 P-8493V-8.2 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8493V-GlassFish Enterprise Server 2.1.1 P-8493V-Sun Java Application Server 8.1 P-8493V-8.2 Vulnerability in the Oracle iPlanet Web Proxy Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 4.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle iPlanet Web Proxy Server accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-1620 P-8542V-4.0 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8542V-4.0 Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 6.1 and 7.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle iPlanet Web Server accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-1620 P-8543V-6.1 P-8543V-7.0 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8543V-6.1 P-8543V-7.0 Vulnerability in the Oracle Traffic Director component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1.6 and 11.1.1.7. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Traffic Director accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-1620 P-9276V-11.1.1.6 P-9276V-11.1.1.7 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-9276V-11.1.1.6 P-9276V-11.1.1.7 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are OHS: 11.1.1.6.0 and 11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 Fusion Middleware: 10.1.3.5.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-1654 P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 Fusion Middleware: 10.1.3.5.0 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 Oracle Forms and Reports: 11.1.2.1 Fusion Middleware: 10.1.3.5.0 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are OHS: 11.1.1.6.0, 11.1.1.7.0 and 12.1.2.0 Oracle Forms and Reports: 11.1.2.1. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data as well as read access to a subset of Oracle HTTP Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-1862 P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 P-1042V-12.1.2.0 Oracle Forms and Reports: 11.1.2.1 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1042V-OHS: 11.1.1.6.0 P-1042V-11.1.1.7.0 P-1042V-12.1.2.0 Oracle Forms and Reports: 11.1.2.1 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Application Server). Supported versions that are affected are 6.0, 6.1, 6.2, 6.3, 6.3.1 and 6.3.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:N/A:N). Fix has been released CVE-2013-2067 P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 P-1991V-6.3 P-1991V-6.3.1 P-1991V-6.3.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 P-1991V-6.3 P-1991V-6.3.1 P-1991V-6.3.2 Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are SGD prior to SGD 4.63 with December 2013 PSU and 4.71. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop (SGD) accessible data as well as read access to a subset of Oracle Secure Global Desktop (SGD) accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop (SGD). CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-2067 P-8539V-SGD prior to SGD 4.63 with December 2013 PSU P-8539V-4.71 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8539V-SGD prior to SGD 4.63 with December 2013 PSU P-8539V-4.71 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Application Server). Supported versions that are affected are 6.0, 6.1, 6.2, 6.3, 6.3.1 and 6.3.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2013-2071 P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 P-1991V-6.3 P-1991V-6.3.1 P-1991V-6.3.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1991V-6.0 P-1991V-6.1 P-1991V-6.2 P-1991V-6.3 P-1991V-6.3.1 P-1991V-6.3.2 Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are SGD prior to 4.71 with December 2013 PSU and 5.0 with December 2013 PSU. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop (SGD) accessible data. Note: SGD releases prior to SGD 4.7 are not affected by CVE-2013-2071 as they do not ship with Apache Tomcat 7.x, which is the only affected release of Tomcat. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-2071 P-8539V-SGD prior to 4.71 with December 2013 PSU P-8539V-5.0 with December 2013 PSU 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8539V-SGD prior to 4.71 with December 2013 PSU P-8539V-5.0 with December 2013 PSU Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Localization (L10N)). The supported version that is affected is 11.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2013-2924 P-10006V-11.1 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-11.1 Vulnerability in the Hyperion Strategic Finance component of Oracle Hyperion (subcomponent: Server). Supported versions that are affected are 11.1.2.1 and 11.1.2.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via Microsoft RPC. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C). Fix has been released CVE-2013-3830 P-4408V-11.1.2.1 P-4408V-11.1.2.2 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-4408V-11.1.2.1 P-4408V-11.1.2.2 Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Service Manager). Supported versions that are affected are 3.0.4 and earlier and 2.3.14 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The following CVEs are fixed as a result of upgrading to Struts 2.3.15.3: CVE-2013-4316 and CVE-2013-4310. The CVSS score is taken from <A HREF="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316</a>. The CVSS score is 10.0 if MySQL Enterprise Monitor runs with admin or root privileges. The score would be 7.5 if MySQL Enterprise Monitor runs with non-admin privileges and the impact on Confidentiality, Integrity and Availability would be Partial+. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2013-4316 P-8480V-3.0.4 and earlier P-8480V-2.3.14 and earlier 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8480V-3.0.4 and earlier P-8480V-2.3.14 and earlier Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Software (subcomponent: Core). Supported versions that are affected are 1.7, 2.0, 2.0.1, 2.2.0.1, 3.0, 12.0.1 and 12.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The following CVEs are fixed as a result of upgrading to Struts 2.3.15.3: CVE-2013-4316 and CVE-2013-4310. The CVSS score is taken from <A HREF="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316</a>. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2013-4316 P-9110V-1.7 P-9110V-2.0 P-9110V-2.0.1 P-9110V-2.2.0.1 P-9110V-3.0 P-9110V-12.0.1 P-9110V-12.0.2 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-9110V-1.7 P-9110V-2.0 P-9110V-2.0.1 P-9110V-2.2.0.1 P-9110V-3.0 P-9110V-12.0.1 P-9110V-12.0.2 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: WebCenter Sites Community). Supported versions that are affected are 11.1.1.6.1 and 11.1.1.8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The following CVEs are fixed as a result of upgrading to Struts 2.3.15.3: CVE-2013-4316, CVE-2013-2251, CVE-2013-2248, CVE-2013-2135 and CVE-2013-2134. The CVSS score is taken from <A HREF="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316</a>. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2013-4316 P-9617V-11.1.1.6.1 P-9617V-11.1.1.8.0 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-9617V-11.1.1.6.1 P-9617V-11.1.1.8.0 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create Session, Alter Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3 and 12.1.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2013-5764 P-5V-11.1.0.7 P-5V-11.2.0.3 P-5V-12.1.0.1 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5V-11.1.0.7 P-5V-11.2.0.3 P-5V-12.1.0.1 Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Security and Authentication). Supported versions that are affected are 11.1.1.6, 11.1.1.7 and 11.1.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Reports Developer possibly including arbitrary code execution within the Oracle Reports Developer. Note: Please refer to Doc ID <A HREF="http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1608683.1">My Oracle Support Note 1608683.1</a> for instructions on how to address this issue. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2013-5785 P-159V-11.1.1.6 P-159V-11.1.1.7 P-159V-11.1.2.1 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-159V-11.1.1.6 P-159V-11.1.1.7 P-159V-11.1.2.1 Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, 12.2.1, 12.2.2 and 12.2.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Demantra Demand Management accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2013-5795 P-2100V-7.2.0.3 SQL-Server P-2100V-7.3.0 P-2100V-7.3.1 P-2100V-12.2.0 P-2100V-12.2.1 P-2100V-12.2.2 P-2100V-12.2.3 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-2100V-7.2.0.3 SQL-Server P-2100V-7.3.0 P-2100V-7.3.1 P-2100V-12.2.0 P-2100V-12.2.1 P-2100V-12.2.2 P-2100V-12.2.3 Vulnerability in the Oracle iPlanet Web Proxy Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 4.0. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle iPlanet Web Proxy Server accessible data. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-5808 P-8542V-4.0 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8542V-4.0 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Remote Procedure Call (RPC)). Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-5821 P-10006V-8 P-10006V-9 P-10006V-10 P-10006V-11.1 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-8 P-10006V-9 P-10006V-10 P-10006V-11.1 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 8 and 9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2013-5833 P-10006V-8 P-10006V-9 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-8 P-10006V-9 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: "ps" command line utility). The supported version that is affected is 8. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). Fix has been released CVE-2013-5834 P-10006V-8 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-8 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.1.0.7, 11.2.0.3 and 12.1.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2013-5853 P-5V-11.1.0.7 P-5V-11.2.0.3 P-5V-12.1.0.1 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5V-11.1.0.7 P-5V-11.2.0.3 P-5V-12.1.0.1 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create Session, Create View privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2013-5858 P-5V-11.1.0.7 P-5V-11.2.0.3 P-5V-11.2.0.4 P-5V-12.1.0.1 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5V-11.1.0.7 P-5V-11.2.0.3 P-5V-11.2.0.4 P-5V-12.1.0.1 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS). Supported versions that are affected are 5.6.14 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2013-5860 P-8478V-5.6.14 and earlier 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.6.14 and earlier Vulnerability in the Oracle AutoVue component of Oracle Supply Chain Products Suite (subcomponent: Web General). The supported version that is affected is 20.1.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle AutoVue accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P+/I:N/A:N). Fix has been released CVE-2013-5868 P-4453V-20.1.1 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-4453V-20.1.1 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Page Service). Supported versions that are affected are 11.1.1.6.0, 11.1.1.7.0 and 11.1.1.8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-5869 P-1696V-11.1.1.6.0 P-1696V-11.1.1.7.0 P-1696V-11.1.1.8.0 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1696V-11.1.1.6.0 P-1696V-11.1.1.7.0 P-1696V-11.1.1.8.0 Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 7u45 and JavaFX 2.2.45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JavaFX accessible data as well as read access to a subset of Java SE, JavaFX accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, JavaFX. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-5870 P-856V-Java SE 7u45 P-856V-JavaFX 2.2.45 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 7u45 P-856V-JavaFX 2.2.45 Vulnerability in the Oracle AutoVue component of Oracle Supply Chain Products Suite (subcomponent: Web General). The supported version that is affected is 20.1.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2013-5871 P-4453V-20.1.1 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-4453V-20.1.1 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Name Service Cache Daemon (NSCD)). Supported versions that are affected are 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2013-5872 P-10006V-10 P-10006V-11.1 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-10 P-10006V-11.1 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-5873 P-5085V-8.52 P-5085V-8.53 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3 and 12.2.2. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2013-5874 P-510V-11.5.10.2 P-510V-12.0.6 P-510V-12.1.3 P-510V-12.2.2 1.7 AV:L/AC:L/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-510V-11.5.10.2 P-510V-12.0.6 P-510V-12.1.3 P-510V-12.2.2 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Role Based Access Control (RBAC)). The supported version that is affected is 11.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 2.7 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:M/C:N/I:P/A:P). Oracle Vector: (AV:L/AC:M/Au:M/C:N/I:P/A:P). Fix has been released CVE-2013-5875 P-10006V-11.1 2.7 AV:L/AC:M/Au:M/C:N/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-11.1 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2013-5876 P-10006V-10 P-10006V-11.1 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-10 P-10006V-11.1 Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Demantra Demand Management accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-5877 P-2100V-7.2.0.3 SQL-Server P-2100V-7.3.0 P-2100V-7.3.1 P-2100V-12.2.0 P-2100V-12.2.1 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-2100V-7.2.0.3 SQL-Server P-2100V-7.3.0 P-2100V-7.3.1 P-2100V-12.2.0 P-2100V-12.2.1 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data as well as read access to a subset of Java SE, Java SE Embedded accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-5878 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Maintenance). Supported versions that are affected are 8.4.0 and 8.4.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.5 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P). Fix has been released CVE-2013-5879 P-2276V-8.4.0 P-2276V-8.4.1 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-2276V-8.4.0 P-2276V-8.4.1 Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 12.2.0, 12.2.1 and 12.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Demantra Demand Management accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-5880 P-2100V-12.2.0 P-2100V-12.2.1 P-2100V-12.2.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-2100V-12.2.0 P-2100V-12.2.1 P-2100V-12.2.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.14 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2013-5881 P-8478V-5.6.14 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.6.14 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.13 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2013-5882 P-8478V-5.6.13 and earlier 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.6.13 and earlier Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 8. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. Note: Applies only when Solaris is running on SPARC platform. CVSS Base Score 3.2 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:P/A:P). Oracle Vector: (AV:L/AC:L/Au:S/C:N/I:P/A:P). Fix has been released CVE-2013-5883 P-10006V-8 3.2 AV:L/AC:L/Au:S/C:N/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-8 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: CORBA ). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-5884 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Audit). The supported version that is affected is 11.1. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 1.7 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:L/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2013-5885 P-10006V-11.1 1.7 AV:L/AC:L/Au:S/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-11.1 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Common Application Objects). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-5886 P-8911V-9.1 P-8911V-9.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8911V-9.1 P-8911V-9.2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2013-5887 P-856V-Java SE 6u65 P-856V-Java SE 7u45 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java under GNOME environment on Linux and Solaris. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-5888 P-856V-Java SE 6u65 P-856V-Java SE 7u45 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). Fix has been released CVE-2013-5889 P-856V-Java SE 6u65 P-856V-Java SE 7u45 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Oracle Payroll component of Oracle E-Business Suite (subcomponent: Exception Reporting). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Payroll accessible data as well as read access to all Oracle Payroll accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2013-5890 P-506V-11.5.10.2 P-506V-12.0.6 P-506V-12.1.1 P-506V-12.1.2 P-506V-12.1.3 P-506V-12.2.2 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-506V-11.5.10.2 P-506V-12.0.6 P-506V-12.1.1 P-506V-12.1.2 P-506V-12.1.3 P-506V-12.2.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Partition). Supported versions that are affected are 5.5.33 and earlier and 5.6.13 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2013-5891 P-8478V-5.5.33 and earlier P-8478V-5.6.13 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.5.33 and earlier P-8478V-5.6.13 and earlier Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22 and 4.3.6. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized takeover of Oracle VM VirtualBox possibly including arbitrary code execution within the Oracle VM VirtualBox. CVSS Base Score 3.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:H/Au:S/C:P+/I:P+/A:P+). Fix has been released CVE-2013-5892 P-8370V-VirtualBox prior to 3.2.20 P-8370V-4.0.22 P-8370V-4.1.30 P-8370V-4.2.22 P-8370V-4.3.6 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8370V-VirtualBox prior to 3.2.20 P-8370V-4.0.22 P-8370V-4.1.30 P-8370V-4.2.22 P-8370V-4.3.6 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 7u45 and Java SE Embedded 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). Fix has been released CVE-2013-5893 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.13 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2013-5894 P-8478V-5.6.13 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.6.13 and earlier Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 7u45 and JavaFX 2.2.45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JavaFX accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-5895 P-856V-Java SE 7u45 P-856V-JavaFX 2.2.45 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 7u45 P-856V-JavaFX 2.2.45 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2013-5896 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Manage Data Cache). Supported versions that are affected are 6.0, 6.1 and 6.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Agile Product Lifecycle Management for Process accessible data as well as read access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2013-5897 P-4445V-6.0 P-4445V-6.1 P-4445V-6.1.1 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-4445V-6.0 P-4445V-6.1 P-4445V-6.1.1 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). Fix has been released CVE-2013-5898 P-856V-Java SE 6u65 P-856V-Java SE 7u45 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-5899 P-856V-Java SE 6u65 P-856V-Java SE 7u45 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: End User Self Service). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.0 and 11.1.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-5900 P-1980V-11.1.1.5 P-1980V-11.1.1.7 P-1980V-11.1.2.0 P-1980V-11.1.2.1 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1980V-11.1.1.5 P-1980V-11.1.1.7 P-1980V-11.1.2.0 P-1980V-11.1.2.1 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Identity Console). Supported versions that are affected are 11.1.2.0 and 11.1.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Identity Manager accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2013-5901 P-1980V-11.1.2.0 P-1980V-11.1.2.1 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1980V-11.1.2.0 P-1980V-11.1.2.1 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-5902 P-856V-Java SE 6u65 P-856V-Java SE 7u45 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-5904 P-856V-Java SE 7u45 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 7u45 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65 and Java SE 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to installation process on client deployment of Java. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-5905 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65 and Java SE 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to installation process on client deployment of Java. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-5906 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2013-5907 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-JRockit R27.7.7 P-856V-JRockit R28.2.9 P-856V-Java SE Embedded 7u45 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-JRockit R27.7.7 P-856V-JRockit R28.2.9 P-856V-Java SE Embedded 7u45 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Error Handling). Supported versions that are affected are 5.1.72 and earlier, 5.5.34 and earlier and 5.6.14 and earlier. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.6 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2013-5908 P-8478V-5.1.72 and earlier P-8478V-5.5.34 and earlier P-8478V-5.6.14 and earlier 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.1.72 and earlier P-8478V-5.5.34 and earlier P-8478V-5.6.14 and earlier Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Org and Workforce Dev). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). Fix has been released CVE-2013-5909 P-5071V-9.1 P-5071V-9.2 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5071V-9.1 P-5071V-9.2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-5910 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2014-0366 P-1472V-11.5.10.2 P-1472V-12.0.6 P-1472V-12.1.3 P-1472V-12.2.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1472V-11.5.10.2 P-1472V-12.0.6 P-1472V-12.1.3 P-1472V-12.2.2 Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: Admin Console). Supported versions that are affected are 11.1.2.1, 11.1.2.2 and 11.1.2.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion Essbase Administration Services accessible data as well as read access to a subset of Hyperion Essbase Administration Services accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2014-0367 P-4380V-11.1.2.1 P-4380V-11.1.2.2 P-4380V-11.1.2.3 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-4380V-11.1.2.1 P-4380V-11.1.2.2 P-4380V-11.1.2.3 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2014-0368 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 Vulnerability in the Siebel Core - EAI component of Oracle Siebel CRM (subcomponent: Java Integration). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Core - EAI accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2014-0369 P-9021V-8.1.1 P-9021V-8.2.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-9021V-8.1.1 P-9021V-8.2.2 Vulnerability in the Siebel Life Sciences component of Oracle Siebel CRM (subcomponent: Clinical Trip Report). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel Life Sciences. CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). Fix has been released CVE-2014-0370 P-9173V-8.1.1 P-9173V-8.2.2 2.8 AV:N/AC:M/Au:M/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-9173V-8.1.1 P-9173V-8.2.2 Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1 and 12.2.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Demantra Demand Management accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2014-0371 P-2100V-7.2.0.3 SQL-Server P-2100V-7.3.0.x P-2100V-7.3.1.x P-2100V-12.2.0 P-2100V-12.2.1 P-2100V-12.2.2 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-2100V-7.2.0.3 SQL-Server P-2100V-7.3.0.x P-2100V-7.3.1.x P-2100V-12.2.0 P-2100V-12.2.1 P-2100V-12.2.2 Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, 12.2.1 and 12.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Demantra Demand Management accessible data as well as read access to all Oracle Demantra Demand Management accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2014-0372 P-2100V-7.2.0.3 SQL-Server P-2100V-7.3.0 P-2100V-7.3.1 P-2100V-12.2.0 P-2100V-12.2.1 P-2100V-12.2.2 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-2100V-7.2.0.3 SQL-Server P-2100V-7.3.0 P-2100V-7.3.1 P-2100V-12.2.0 P-2100V-12.2.1 P-2100V-12.2.2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Serviceability ). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2014-0373 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Oracle Portal component of Oracle Fusion Middleware (subcomponent: Page Parameters and Events). The supported version that is affected is 11.1.1.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Portal accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0374 P-96V-11.1.1.6 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-96V-11.1.1.6 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Fix has been released CVE-2014-0375 P-856V-Java SE 6u65 P-856V-Java SE 7u45 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0376 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create Session, Create Role, Create User, Select privilege on SYS tables. privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2014-0377 P-5V-11.1.0.7 P-5V-11.2.0.3 P-5V-11.2.0.4 P-5V-12.1.0.1 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5V-11.1.0.7 P-5V-11.2.0.3 P-5V-11.2.0.4 P-5V-12.1.0.1 Vulnerability in the Spatial component of Oracle Database Server. This vulnerability requires Local Login, Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Spatial accessible data as well as read access to a subset of Spatial accessible data and ability to cause a partial denial of service (partial DOS) of Spatial. CVSS Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P). Fix has been released CVE-2014-0378 P-619V-11.1.0.7 P-619V-11.2.0.3 P-619V-11.2.0.4 P-619V-12.1.0.1 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-619V-11.1.0.7 P-619V-11.2.0.3 P-619V-11.2.0.4 P-619V-12.1.0.1 Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: DM Others). Supported versions that are affected are 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1 and 12.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Demantra Demand Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0379 P-2100V-7.2.0.3 SQL-Server P-2100V-7.3.0.x P-2100V-7.3.1.x P-2100V-12.2.0 P-2100V-12.2.1 P-2100V-12.2.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-2100V-7.2.0.3 SQL-Server P-2100V-7.3.0.x P-2100V-7.3.1.x P-2100V-12.2.0 P-2100V-12.2.1 P-2100V-12.2.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework (MCF)). Supported versions that are affected are 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0380 P-5085V-8.52 P-5085V-8.53 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.52 and 8.53. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0381 P-5085V-8.52 P-5085V-8.53 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53 Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 7u45 and JavaFX 2.2.45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JavaFX. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2014-0382 P-856V-Java SE 7u45 P-856V-JavaFX 2.2.45 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 7u45 P-856V-JavaFX 2.2.45 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Identity Console). Supported versions that are affected are 11.1.2.0 and 11.1.2.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Identity Manager accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2014-0383 P-1980V-11.1.2.0 P-1980V-11.1.2.1 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1980V-11.1.2.0 P-1980V-11.1.2.1 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). The supported version that is affected is Java SE 7u45 on OS X. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to installation process on client deployment of Java. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). Fix has been released CVE-2014-0385 P-856V-Java SE 7u45 on OS X 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 7u45 on OS X Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Optimizer). Supported versions that are affected are 5.1.71 and earlier, 5.5.33 and earlier and 5.6.13 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2014-0386 P-8478V-5.1.71 and earlier P-8478V-5.5.33 and earlier P-8478V-5.6.13 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.1.71 and earlier P-8478V-5.5.33 and earlier P-8478V-5.6.13 and earlier Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45 on Firefox. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). Fix has been released CVE-2014-0387 P-856V-Java SE 6u65 P-856V-Java SE 7u45 on Firefox 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 on Firefox Vulnerability in the PeopleSoft Enterprise HRMS Human Resources component of Oracle PeopleSoft Products (subcomponent: Org and Workforce Dev). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS Human Resources accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2014-0388 P-5071V-9.1 P-5071V-9.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5071V-9.1 P-5071V-9.2 Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Pages). The supported version that is affected is 6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iLearning accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0389 P-902V-6.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-902V-6.0 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Java Web Console). The supported version that is affected is 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0390 P-10006V-10 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-10006V-10 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: End User Self Service). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.0 and 11.1.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Identity Manager accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2014-0391 P-1980V-11.1.1.5 P-1980V-11.1.1.7 P-1980V-11.1.2.0 P-1980V-11.1.2.1 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1980V-11.1.1.5 P-1980V-11.1.1.7 P-1980V-11.1.2.0 P-1980V-11.1.2.1 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2014-0392 P-5052V-9.1 P-5052V-9.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5052V-9.1 P-5052V-9.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.71 and earlier, 5.5.33 and earlier and 5.6.13 and earlier. Easily exploitable vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 3.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:M/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:M/C:N/I:P/A:N). Fix has been released CVE-2014-0393 P-8478V-5.1.71 and earlier P-8478V-5.5.33 and earlier P-8478V-5.6.13 and earlier 3.3 AV:N/AC:L/Au:M/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.1.71 and earlier P-8478V-5.5.33 and earlier P-8478V-5.6.13 and earlier Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Environment Mgmt). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2014-0394 P-5085V-8.52 P-5085V-8.53 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Environment Mgmt). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2014-0395 P-5085V-8.52 P-5085V-8.53 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal - Web Services). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2014-0396 P-5085V-8.52 P-5085V-8.53 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Discoverer). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2014-0398 P-510V-11.5.10.2 P-510V-12.0.6 P-510V-12.1.3 P-510V-12.2.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-510V-11.5.10.2 P-510V-12.0.6 P-510V-12.1.3 P-510V-12.2.2 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Data, Domain & Function Security). Supported versions that are affected are 6.2, 6.3, 6.3.1 and 6.3.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2014-0399 P-1991V-6.2 P-1991V-6.3 P-1991V-6.3.1 P-1991V-6.3.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1991V-6.2 P-1991V-6.3 P-1991V-6.3.1 P-1991V-6.3.2 Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: OID LDAP server). Supported versions that are affected are 11.1.1.6 and 11.1.1.7. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. CVSS Base Score 6.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:C/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:C/I:N/A:N). Fix has been released CVE-2014-0400 P-355V-11.1.1.6 P-355V-11.1.1.7 6.3 AV:N/AC:M/Au:S/C:C/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-355V-11.1.1.6 P-355V-11.1.1.7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Privileges). Supported versions that are affected are 5.1.72 and earlier, 5.5.34 and earlier and 5.6.14 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2014-0401 P-8478V-5.1.72 and earlier P-8478V-5.5.34 and earlier P-8478V-5.6.14 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.1.72 and earlier P-8478V-5.5.34 and earlier P-8478V-5.6.14 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Locking). Supported versions that are affected are 5.1.71 and earlier, 5.5.33 and earlier and 5.6.13 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2014-0402 P-8478V-5.1.71 and earlier P-8478V-5.5.33 and earlier P-8478V-5.6.13 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.1.71 and earlier P-8478V-5.5.33 and earlier P-8478V-5.6.13 and earlier Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Fix has been released CVE-2014-0403 P-856V-Java SE 6u65 P-856V-Java SE 7u45 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20 and 4.3.4. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as update, insert or delete access to some Oracle VM VirtualBox accessible data. CVSS Base Score 2.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:N/I:P/A:P). Oracle Vector: (AV:L/AC:H/Au:S/C:N/I:P/A:P+). Fix has been released CVE-2014-0404 P-8370V-VirtualBox prior to 3.2.20 P-8370V-4.0.22 P-8370V-4.1.30 P-8370V-4.2.20 P-8370V-4.3.4 2.4 AV:L/AC:H/Au:S/C:N/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8370V-VirtualBox prior to 3.2.20 P-8370V-4.0.22 P-8370V-4.1.30 P-8370V-4.2.20 P-8370V-4.3.4 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20 and 4.3.4. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data as well as read access to a subset of Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. Note: Applies only when a Windows guest with VirtualBox Additions installed is running on VirtualBox. CVSS Base Score 3.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:P). Fix has been released CVE-2014-0405 P-8370V-VirtualBox prior to 3.2.20 P-8370V-4.0.22 P-8370V-4.1.30 P-8370V-4.2.20 P-8370V-4.3.4 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8370V-VirtualBox prior to 3.2.20 P-8370V-4.0.22 P-8370V-4.1.30 P-8370V-4.2.20 P-8370V-4.3.4 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20 and 4.3.4. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to all Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS Base Score 2.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:N/I:P/A:P). Oracle Vector: (AV:L/AC:H/Au:S/C:N/I:P+/A:P). Fix has been released CVE-2014-0406 P-8370V-VirtualBox prior to 3.2.20 P-8370V-4.0.22 P-8370V-4.1.30 P-8370V-4.2.20 P-8370V-4.3.4 2.4 AV:L/AC:H/Au:S/C:N/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8370V-VirtualBox prior to 3.2.20 P-8370V-4.0.22 P-8370V-4.1.30 P-8370V-4.2.20 P-8370V-4.3.4 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20 and 4.3.4. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized takeover of Oracle VM VirtualBox possibly including arbitrary code execution within the Oracle VM VirtualBox. CVSS Base Score 3.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:H/Au:S/C:P+/I:P+/A:P+). Fix has been released CVE-2014-0407 P-8370V-VirtualBox prior to 3.2.20 P-8370V-4.0.22 P-8370V-4.1.30 P-8370V-4.2.20 P-8370V-4.3.4 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8370V-VirtualBox prior to 3.2.20 P-8370V-4.0.22 P-8370V-4.1.30 P-8370V-4.2.20 P-8370V-4.3.4 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). The supported version that is affected is Java SE 7u45 on OS X. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). Fix has been released CVE-2014-0408 P-856V-Java SE 7u45 on OS X 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 7u45 on OS X Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2014-0410 P-856V-Java SE 6u65 P-856V-Java SE 7u45 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit, Java SE Embedded accessible data as well as read access to a subset of Java SE, JRockit, Java SE Embedded accessible data. Note: Applies to client and server deployment of JSSE. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). Fix has been released CVE-2014-0411 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-JRockit R27.7.7 P-856V-JRockit R28.2.9 P-856V-Java SE Embedded 7u45 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-JRockit R27.7.7 P-856V-JRockit R28.2.9 P-856V-Java SE Embedded 7u45 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.72 and earlier, 5.5.34 and earlier and 5.6.14 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2014-0412 P-8478V-5.1.72 and earlier P-8478V-5.5.34 and earlier P-8478V-5.6.14 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.1.72 and earlier P-8478V-5.5.34 and earlier P-8478V-5.6.14 and earlier Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2014-0415 P-856V-Java SE 6u65 P-856V-Java SE 7u45 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0416 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 Vulnerability in the Java SE, JavaFX, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JavaFX 2.2.45 and Java SE Embedded 7u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). Fix has been released CVE-2014-0417 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-JavaFX 2.2.45 P-856V-Java SE Embedded 7u45 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-JavaFX 2.2.45 P-856V-Java SE Embedded 7u45 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Fix has been released CVE-2014-0418 P-856V-Java SE 6u65 P-856V-Java SE 7u45 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Administration Console and Workspace Web Applications). Supported versions that are affected are SGD prior to 4.63 with December 2013 PSU , 4.71, 5.0 with December 2013 PSU and 5.10. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop (SGD) accessible data as well as read access to a subset of Oracle Secure Global Desktop (SGD) accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop (SGD). CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). Fix has been released CVE-2014-0419 P-8539V-SGD prior to 4.63 with December 2013 PSU P-8539V-4.71 P-8539V-5.0 with December 2013 PSU P-8539V-5.10 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8539V-SGD prior to 4.63 with December 2013 PSU P-8539V-4.71 P-8539V-5.0 with December 2013 PSU P-8539V-5.10 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Replication). Supported versions that are affected are 5.5.34 and earlier and 5.6.14 and earlier. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P+). Fix has been released CVE-2014-0420 P-8478V-5.5.34 and earlier P-8478V-5.6.14 and earlier 2.8 AV:N/AC:M/Au:M/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.5.34 and earlier P-8478V-5.6.14 and earlier Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2014-0422 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: Beans). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JRockit, Java SE Embedded accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, JRockit, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 5.5 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P). Fix has been released CVE-2014-0423 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-JRockit R27.7.7 P-856V-JRockit R28.2.9 P-856V-Java SE Embedded 7u45 5.5 AV:N/AC:L/Au:S/C:P/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-JRockit R27.7.7 P-856V-JRockit R28.2.9 P-856V-Java SE Embedded 7u45 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u65 and Java SE 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2014-0424 P-856V-Java SE 6u65 P-856V-Java SE 7u45 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 6u65 P-856V-Java SE 7u45 Vulnerability in the PeopleSoft Enterprise SCM Services Procurement component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise SCM Services Procurement accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2014-0425 P-5135V-9.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5135V-9.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: FTS). Supported versions that are affected are 5.6.13 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2014-0427 P-8478V-5.6.13 and earlier 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.6.13 and earlier Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2014-0428 P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-856V-Java SE 5.0u55 P-856V-Java SE 6u65 P-856V-Java SE 7u45 P-856V-Java SE Embedded 7u45 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Performance Schema). Supported versions that are affected are 5.6.13 and earlier. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P+). Fix has been released CVE-2014-0430 P-8478V-5.6.13 and earlier 2.8 AV:N/AC:M/Au:M/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.6.13 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.14 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2014-0431 P-8478V-5.6.14 and earlier 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.6.14 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Thread Pooling). Supported versions that are affected are 5.6.13 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2014-0433 P-8478V-5.6.13 and earlier 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.6.13 and earlier Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Supported versions that are affected are 6.0, 6.1 and 6.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile Product Lifecycle Management for Process accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0434 P-4445V-6.0 P-4445V-6.1 P-4445V-6.1.1 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-4445V-6.0 P-4445V-6.1 P-4445V-6.1.1 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Data, Domain & Function Security). Supported versions that are affected are 6.1, 6.2, 6.3, 6.3.1 and 6.3.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Fix has been released CVE-2014-0435 P-1991V-6.1 P-1991V-6.2 P-1991V-6.3 P-1991V-6.3.1 P-1991V-6.3.2 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-1991V-6.1 P-1991V-6.2 P-1991V-6.3 P-1991V-6.3.1 P-1991V-6.3.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Optimizer). Supported versions that are affected are 5.1.72 and earlier, 5.5.34 and earlier and 5.6.14 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2014-0437 P-8478V-5.1.72 and earlier P-8478V-5.5.34 and earlier P-8478V-5.6.14 and earlier 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-8478V-5.1.72 and earlier P-8478V-5.5.34 and earlier P-8478V-5.6.14 and earlier Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Panel Processor). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful authenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2014-0438 P-5085V-8.52 P-5085V-8.53 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Report Distribution). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2014-0439 P-5085V-8.52 P-5085V-8.53 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Fix has been released CVE-2014-0440 P-5085V-8.52 P-5085V-8.53 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2014-0441 P-5085V-8.52 P-5085V-8.53 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 8.52. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0443 P-5085V-8.52 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 Vulnerability in the Oracle AutoVue component of Oracle Supply Chain Products Suite (subcomponent: Web General). The supported version that is affected is 20.1.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2014-0444 P-4453V-20.1.1 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-4453V-20.1.1 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-0445 P-5085V-8.52 P-5085V-8.53 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2014 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2014.html P-5085V-8.52 P-5085V-8.53