Oracle Critical Patch Update Advisory - January 2016 - Beta Oracle CVRF Oracle Critical Patch Update Advisory CPUJan2016 Final 1.0 1.0 2016-01-19T13:00:00-07:00 Initial Distribution 2016-01-19T13:00:00-07:00 2016-01-19T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368796.xml https://www.oracle.com/security-alerts/cpujan2016.html URL to html version of Advisory Adam Willard Raytheon Foreground Security Ahmed Adel Abdelfattah Ahmed Adel Abdelfattah Alexey Tyurin ERPScan Andrea Micalizzi HP's Zero Day Initiative Ayoub Ait Elmokhtar Ayoub Ait Elmokhtar Ben Khlifa Fahmi Ben Khlifa Fahmi Brandon Vincent Brandon Vincent Calum Hutton Calum Hutton Cyber Warrior Bug Researchers Cyber Warrior Bug Researchers Cybersecurity-upv Cybersecurity-upv Danyal Zafar Danyal Zafar David Litchfield Google Dmitry Janushkevich Secunia Research Fernando Russ Onapsis FortiGuard Labs Fortinet, Inc. Francois Goichon Context Information Security Hamza Zulfiqar Bhatti Hamza Zulfiqar Bhatti Igor Kopylenko McAfee Security Research Ivan Chalykin ERPScan Jakub Palaczynski ING Services Polska John Page John Page Jose Carlos Exposito Bueno Jose Carlos Exposito Bueno Karthikeyan Bhargavan Karthikeyan Bhargavan (and Gaetan Leurent) Khair Alhamad Khair Alhamad Lovi Yu Salesforce.com Luca Carettoni Luca Carettoni Matias Mevied Onapsis Mike Arnold HPs Zero Day Initiative ( Tippingpoint) Mohamed Khaled Fathy Mohamed Khaled Fathy Mohammed Al Bess, Mohammad Abuhassan Mohammed Al Bess ,Mohammad Abuhassan Muhammed Gamal Fahmy Muhammed Gamal Fahmy Nassim Bouali Nassim Bouali Nicholas Lemonias Advanced Information Security Corporation Nikita Kelesis ERPScan Peter Kostiuk Salesforce.com Pradeep Kumar Pradeep Kumar Prem Kumar Prem Kumar Renato Rodrigues Renato Rodrigues Ryan Giobbi American Eagle Outfitters Samuel Orellana Samuel Orellana Sergey Gorbaty Salesforce.com Shahmeer Amir Maads Security Shai Meir McAfee Security Research Shawar Khan Shawar Khan Spyridon Chatzimichail COSMOTE - Mobile Telecommunications S.A. Stefan Kanthak Stefan Kanthak Stephen Kost Integrigy Travis Emmert Salesforce.com Waleed Ezz Eldin WIBF Kevin Weijun Lin Future-Sec Will Dormann CERT/CC Wouter Coekaerts Wouter Coekaerts an Anonymous Reporter HP's Zero Day Initiative Communications Service Broker Version 6.0 Communications Service Broker Version 6.1 Communications Service Broker Engineered System Edition Version 6.0 Communications Converged Application Server - Service Controller Version 6.1 Communications Online Mediation Controller Version 6.1 Communications EAGLE LNP Application Processor Version 10.0 Oracle Database Version 11.2.0.4 Oracle Database Version 12.1.0.1 Oracle Database Version 12.1.0.2 XML Developers Kit Version 11.2.0.4 XML Developers Kit Version 12.1.0.1 XML Developers Kit Version 12.1.0.2 Workspace Manager Version 11.2.0.4 Applications Manager Version 12.1.3 E-Business Intelligence Version 11.5.10.2 E-Business Intelligence Version 12.1.1 E-Business Intelligence Version 12.1.2 E-Business Intelligence Version 12.1.3 Interaction Blending Version 11.5.10.2 Interaction Blending Version 12.1.1 Interaction Blending Version 12.1.2 Interaction Blending Version 12.1.3 Interaction Blending Version 12.2.3 Interaction Blending Version 12.2.4 Interaction Blending Version 12.2.5 Balanced Scorecard Version 11.5.10.2 Balanced Scorecard Version 12.1 Quality Version 11.5.10.2 Marketing Version 11.5.10.2 Marketing Version 12.1.1 Marketing Version 12.1.2 Marketing Version 12.1.3 Marketing Version 12.2.3 Marketing Version 12.2.4 Marketing Version 12.2.5 Interaction Center Intelligence Version 11.5.10.2 Interaction Center Intelligence Version 12.1.1 Interaction Center Intelligence Version 12.1.2 Interaction Center Intelligence Version 12.1.3 Customer Intelligence Version 11.5.10.2 Customer Intelligence Version 12.1.1 Customer Intelligence Version 12.1.2 Customer Intelligence Version 12.1.3 Customer Intelligence Version 12.2.3 Customer Intelligence Version 12.2.4 Customer Intelligence Version 12.2.5 Internet Expenses Version 11.5.10.2 iProcurement Version 11.5.10.2 Service Contracts Version 11.5.10.2 Service Contracts Version 12.1.1 Service Contracts Version 12.1.2 Service Contracts Version 12.1.3 General Ledger Version 11.5.10.2 Human Resources Version 11.5.10.2 Application Object Library Version 11.5.10.2 Field Service Version 12.1.1 Field Service Version 12.1.2 Field Service Version 12.1.3 Field Service Version 12.2.3 Field Service Version 12.2.4 Field Service Version 12.2.5 Report Manager Version 11.5.10.2 Report Manager Version 12.1.3 Report Manager Version 12.2.3 Report Manager Version 12.2.4 Universal Work Queue Version 11.5.10.2 Universal Work Queue Version 12.1.1 Universal Work Queue Version 12.1.2 Universal Work Queue Version 12.1.3 Advanced Collections Version 11.5.10.2 Advanced Collections Version 12.1.1 Advanced Collections Version 12.1.2 Advanced Collections Version 12.1.3 Project Contracts Version 12.1.1 Project Contracts Version 12.1.2 Project Contracts Version 12.1.3 Learning Management Version 11.5.10.2 Email Center Version 12.1.1 Email Center Version 12.1.2 Email Center Version 12.1.3 Mobile Application Server Version 12.1 Mobile Application Server Version 12.2 iReceivables Version 11.5.10.2 Approvals Management Version 11.5.10.2 Common Applications Version 11.5.10.2 Common Applications Version 12.1.1 Common Applications Version 12.1.2 Common Applications Version 12.1.3 CRM Technical Foundation Version 11.5.10.2 CRM Technical Foundation Version 12.1.3 CRM Technical Foundation Version 12.2.3 CRM Technical Foundation Version 12.2.4 CRM Technical Foundation Version 12.2.5 CADView-3D Version 11.5.10.2 CADView-3D Version 12.1.1 CADView-3D Version 12.1.2 CADView-3D Version 12.1.3 Customer Interaction History Version 12.1.1 Customer Interaction History Version 12.1.2 Customer Interaction History Version 12.1.3 Customer Interaction History Version 12.2.3 Customer Interaction History Version 12.2.4 Customer Interaction History Version 12.2.5 Financial Consolidation Hub Version 11.5.10.2 Financial Consolidation Hub Version 12.1.1 Financial Consolidation Hub Version 12.1.2 Financial Consolidation Hub Version 12.1.3 Applications Framework Version 11.5.10.2 Applications Framework Version 12.1 Applications Framework Version 12.1.3 Applications Framework Version 12.2 Applications Framework Version 12.2.3 Applications Framework Version 12.2.4 Applications Framework Version 12.2.5 Self-Service Human Resources Version 11.5.10.2 Applications Technology Stack Version 11.5.10.2 HCM Configuration Workbench Version 12.1.1 HCM Configuration Workbench Version 12.1.2 HCM Configuration Workbench Version 12.1.3 Application Management Pack for Oracle E-Business Suite Version 12.1 Application Management Pack for Oracle E-Business Suite Version 12.2 Enterprise Manager Base Platform Version 11.1.0.1 Enterprise Manager Base Platform Version 11.2.0.4 Enterprise Manager Base Platform Version 12.1.0.4 Enterprise Manager Base Platform Version 12.1.0.5 Application Testing Suite Version 12.4.0.2 Application Testing Suite Version 12.5.0.2 Enterprise Manager Ops Center Version 12.2.0 Enterprise Manager Ops Center Version 12.2.1 Enterprise Manager Ops Center Version 12.3.0 Enterprise Manager Ops Center Version Prior to 12.1.4 Web Cache Version 11.1.1.7.0 Web Cache Version 11.1.1.9.0 BI Publisher (formerly XML Publisher) Version 11.1.1.7.0 BI Publisher (formerly XML Publisher) Version 11.1.1.9.0 BI Publisher (formerly XML Publisher) Version 12.2.1.0.0 Identity Federation Version 11.1.1.7 Identity Federation Version 11.1.2.2 Business Intelligence Enterprise Edition Version 11.1.1.7.0 Business Intelligence Enterprise Edition Version 11.1.1.9.0 Outside In Technology Version 8.5.0 Outside In Technology Version 8.5.1 Outside In Technology Version 8.5.2 WebLogic Server Version 10.3.6 WebLogic Server Version 12.1.2 WebLogic Server Version 12.1.3 WebLogic Server Version 12.2.1 WebLogic Portal Version 10.3.6 Tuxedo Version 12.1.1.0 GlassFish Server Version 3.1.2 WebCenter Sites Version 11.1.1.8.0 WebCenter Sites Version 7.6.2 Endeca Server Version 7.3.0.0 Endeca Server Version 7.4.0.0 Endeca Server Version 7.5.0.0 Endeca Server Version 7.6.0.0 GoldenGate Version 11.2 GoldenGate Version 12.1.2 JD Edwards EnterpriseOne Tools Version 9.1 JD Edwards EnterpriseOne Tools Version 9.2 Java Version 7u91 Java Version 8u66; Java SE Embedded: 8u65 Java Version 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8 Java Version Java SE: 6u105 Java Version Java SE: 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8 MySQL Server Version 5.5.31 and earlier MySQL Server Version 5.5.45 and earlier MySQL Server Version 5.5.46 and earlier MySQL Server Version 5.6.11 and earlier MySQL Server Version 5.6.21 and earlier MySQL Server Version 5.6.26 and earlier MySQL Server Version 5.6.27 and earlier MySQL Server Version 5.7.9 PeopleSoft Enterprise HCM Global Payroll Switzerland Version 9.1 PeopleSoft Enterprise HCM Global Payroll Switzerland Version 9.2 PeopleSoft Enterprise PT PeopleTools Version 8.53 PeopleSoft Enterprise PT PeopleTools Version 8.54 PeopleSoft Enterprise PT PeopleTools Version 8.55 PeopleSoft Enterprise SCM eProcurement Version 9.1 PeopleSoft Enterprise SCM eProcurement Version 9.2 PeopleSoft Enterprise SCM Order Management Version 9.1 PeopleSoft Enterprise SCM Order Management Version 9.2 PeopleSoft Enterprise SCM Purchasing Version 9.1 PeopleSoft Enterprise SCM Purchasing Version 9.2 Retail Point-of-Service Version 13.4 Retail Point-of-Service Version 14.0 Retail Point-of-Service Version 14.1 Retail Order Management System Cloud Service Version 15.0 Retail Order Management System Cloud Service Version 3.5 Retail Order Management System Cloud Service Version 4.5 Retail Order Management System Cloud Service Version 4.7 Retail Order Management System Cloud Service Version 5.0 Retail Order Broker Cloud Service Version 4.0 Retail Order Broker Cloud Service Version 4.1. Retail Open Commerce Platform Cloud Service Version 3.5 Retail Open Commerce Platform Cloud Service Version 4.5 Retail Open Commerce Platform Cloud Service Version 4.7 Retail Open Commerce Platform Cloud Service Version 5.0 MICROS CWDirect Version 12.5 MICROS CWDirect Version 13.0 MICROS CWDirect Version 14.0 MICROS CWDirect Version 15.0 MICROS CWDirect Version 16.0 MICROS CWDirect Version 17.018.0 OPUS 10G Ethernet Switch Family Version Versions prior to 1.2.2.13 OPUS 10G Ethernet Switch Family Version Versions prior to 1.2.2.15 OPUS 10G Ethernet Switch Family Version Versions prior to 1.3.1.13 Solaris Cluster Version 3.3 Solaris Cluster Version 4 Solaris Cluster Version 4.2 Solaris Operating System Version 10 Solaris Operating System Version 11 Configurator Version 11.5.10.2 Configurator Version 12.1 Configurator Version 12.2 Agile Engineering Data Management Version 6.1.2.2 Agile Engineering Data Management Version 6.1.3.0 Agile Engineering Data Management Version 6.2.0.0 Agile PLM Framework Version 9.3.1.1 Agile PLM Framework Version 9.3.1.2 Agile PLM Framework Version 9.3.2 Agile PLM Framework Version 9.3.3 Oracle VM VirtualBox Version VirtualBox prior to 4.0.36 Oracle VM VirtualBox Version VirtualBox prior to 4.3.36 Oracle VM VirtualBox Version VirtualBox prior to 5.0.14 Oracle VM VirtualBox Version prior to 4.1.44 Oracle VM VirtualBox Version prior to 4.2.36 Oracle VM VirtualBox Version prior to 4.3.34 Oracle VM VirtualBox Version prior to 5.0.10 Oracle VM VirtualBox Version prior to 5.0.14 Secure Global Desktop Version 4.63 Secure Global Desktop Version 4.71 Secure Global Desktop Version 5.2 iLearning Version 6.0 iLearning Version 6.1 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Satellite Framework). Supported versions that are affected are Prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Enterprise Manager Ops Center possibly including arbitrary code execution within the Enterprise Manager Ops Center. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2013-1741 P-9835V-Prior to 12.1.4 P-9835V-12.2.0 P-9835V-12.2.1 P-9835V-12.3.0 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-9835V-Prior to 12.1.4 P-9835V-12.2.0 P-9835V-12.2.1 P-9835V-12.3.0 Vulnerability in the Oracle WebLogic Portal component of Oracle Fusion Middleware (subcomponent: Core Services). The supported version that is affected is 10.3.6. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Portal accessible data as well as read access to a subset of Oracle WebLogic Portal accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Portal. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2013-2186 P-5307V-10.3.6 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5307V-10.3.6 Vulnerability in the Oracle Communications Service Broker component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). Supported versions that are affected are 6.0 and 6.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Service Broker accessible data as well as read access to a subset of Oracle Communications Service Broker accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Service Broker. CVSS Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2014-0050 P-8565V-6.0 P-8565V-6.1 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8565V-6.0 P-8565V-6.1 Vulnerability in the Oracle Communications Service Broker Engineered System Edition component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). The supported version that is affected is 6.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Service Broker Engineered System Edition accessible data as well as read access to a subset of Oracle Communications Service Broker Engineered System Edition accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2014-0050 P-9056V-6.0 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-9056V-6.0 Vulnerability in the Oracle Communications Converged Application Server - Service Controller component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). The supported version that is affected is 6.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Converged Application Server - Service Controller accessible data as well as read access to a subset of Oracle Communications Converged Application Server - Service Controller accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Converged Application Server - Service Controller. CVSS Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2014-0050 P-10593V-6.1 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10593V-6.1 Vulnerability in the Oracle Communications Online Mediation Controller component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). The supported version that is affected is 6.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Online Mediation Controller accessible data as well as read access to a subset of Oracle Communications Online Mediation Controller accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Online Mediation Controller. CVSS Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2014-0050 P-10594V-6.1 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10594V-6.1 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: XML Parser). Supported versions that are affected are 10.3.6, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2014-0107 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Sites). Supported versions that are affected are 7.6.2 and 11.1.1.8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2014-0107 P-9617V-7.6.2 P-9617V-11.1.1.8.0 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-9617V-7.6.2 P-9617V-11.1.1.8.0 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Update Provisioning). Supported versions that are affected are Prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Ops Center accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2014-3583 P-9835V-Prior to 12.1.4 P-9835V-12.2.0 P-9835V-12.2.1 P-9835V-12.3.0 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-9835V-Prior to 12.1.4 P-9835V-12.2.0 P-9835V-12.2.1 P-9835V-12.3.0 Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: Glibc). The supported version that is affected is 10.0. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications EAGLE LNP Application Processor accessible data as well as read access to a subset of Oracle Communications EAGLE LNP Application Processor accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications EAGLE LNP Application Processor. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). Fix has been released CVE-2015-0235 P-11118V-10.0 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-11118V-10.0 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are Prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Ops Center. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2015-0286 P-9835V-Prior to 12.1.4 P-9835V-12.2.0 P-9835V-12.2.1 P-9835V-12.3.0 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-9835V-Prior to 12.1.4 P-9835V-12.2.0 P-9835V-12.2.1 P-9835V-12.3.0 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2015-1793 P-1370V-12.1.0.4 P-1370V-12.1.0.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Business Intelligence Enterprise Edition accessible data as well as read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2015-1793 P-2025V-11.1.1.7.0 P-2025V-11.1.1.9.0 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2025V-11.1.1.7.0 P-2025V-11.1.1.9.0 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: SSL/TLS). The supported version that is affected is 12.1.1.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Tuxedo accessible data as well as read access to a subset of Oracle Tuxedo accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2015-1793 P-5433V-12.1.1.0 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5433V-12.1.1.0 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are Prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Ops Center accessible data as well as read access to a subset of Enterprise Manager Ops Center accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2015-1793 P-9835V-Prior to 12.1.4 P-9835V-12.2.0 P-9835V-12.2.1 P-9835V-12.3.0 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-9835V-Prior to 12.1.4 P-9835V-12.2.0 P-9835V-12.2.1 P-9835V-12.3.0 Vulnerability in the Oracle Switch ES1-24 component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is Versions prior to 1.3.1.13. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Switch ES1-24 accessible data as well as read access to a subset of Oracle Switch ES1-24 accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2015-1793 P-9889V-Versions prior to 1.3.1.13 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-9889V-Versions prior to 1.3.1.13 Vulnerability in the Sun Blade 6000 Ethernet Switched NEM 24P 10GE component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is Versions prior to 1.2.2.13. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Sun Blade 6000 Ethernet Switched NEM 24P 10GE accessible data as well as read access to a subset of Sun Blade 6000 Ethernet Switched NEM 24P 10GE accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2015-1793 P-9889V-Versions prior to 1.2.2.13 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-9889V-Versions prior to 1.2.2.13 Vulnerability in the Sun Network 10GE Switch 72p component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is Versions prior to 1.2.2.15. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Sun Network 10GE Switch 72p accessible data as well as read access to a subset of Sun Network 10GE Switch 72p accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2015-1793 P-9889V-Versions prior to 1.2.2.15 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-9889V-Versions prior to 1.2.2.15 Vulnerability in the Oracle Endeca Server component of Oracle Fusion Middleware (subcomponent: SSL/TLS). Supported versions that are affected are 7.3.0.0, 7.4.0.0, 7.5.0.0 and 7.6.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Server accessible data as well as read access to a subset of Oracle Endeca Server accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2015-1793 P-10217V-7.3.0.0 P-10217V-7.4.0.0 P-10217V-7.5.0.0 P-10217V-7.6.0.0 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10217V-7.3.0.0 P-10217V-7.4.0.0 P-10217V-7.5.0.0 P-10217V-7.6.0.0 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are Prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Ops Center accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2015-3153 P-9835V-Prior to 12.1.4 P-9835V-12.2.0 P-9835V-12.2.1 P-9835V-12.3.0 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-9835V-Prior to 12.1.4 P-9835V-12.2.0 P-9835V-12.2.1 P-9835V-12.3.0 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Apache HTTP Server). Supported versions that are affected are 4.63, 4.71 and 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2015-3183 P-8539V-4.63 P-8539V-4.71 P-8539V-5.2 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8539V-4.63 P-8539V-4.71 P-8539V-5.2 Vulnerability in the Oracle HTTP Server component of Oracle E-Business Suite (subcomponent: Open SSL). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2015-3195 P-1745V-11.5.10.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1745V-11.5.10.2 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: OpenSSL). Supported versions that are affected are 4.63, 4.71 and 5.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2015-4000 P-8539V-4.63 P-8539V-4.71 P-8539V-5.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8539V-4.63 P-8539V-4.71 P-8539V-5.2 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2015-4808 P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). The supported version that is affected is 12.1.0.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2015-4885 P-1370V-12.1.0.4 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-12.1.0.4 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics SEC). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of JD Edwards EnterpriseOne Tools possibly including arbitrary code execution within the JD Edwards EnterpriseOne Tools. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2015-4919 P-4781V-9.1 P-4781V-9.2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4781V-9.1 P-4781V-9.2 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NDMP Backup Service). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2015-4920 P-10006V-11 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2015-4921 P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Boot). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2015-4922 P-10006V-11 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the XML Developer's Kit for C component of Oracle Database Server. This vulnerability requires Valid account privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Developer's Kit for C. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Fix has been released CVE-2015-4923 P-1068V-11.2.0.4 P-1068V-12.1.0.1 P-1068V-12.1.0.2 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1068V-11.2.0.4 P-1068V-12.1.0.1 P-1068V-12.1.0.2 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.1.1, 9.3.1.2, 9.3.2 and 9.3.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2015-4924 P-4461V-9.3.1.1 P-4461V-9.3.1.2 P-4461V-9.3.2 P-4461V-9.3.3 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4461V-9.3.1.1 P-4461V-9.3.1.2 P-4461V-9.3.2 P-4461V-9.3.3 Vulnerability in the Workspace Manager component of Oracle Database Server. This vulnerability requires Create Session, Create Table, Create Procedure privileges for a successful attack. The supported version that is affected is 11.2.0.4. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Workspace Manager possibly including arbitrary code execution within the Workspace Manager. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:P+). Fix has been released CVE-2015-4925 P-1105V-11.2.0.4 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1105V-11.2.0.4 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: UIX). Supported versions that are affected are 11.5.10.2, 12.1 and 12.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). Fix has been released CVE-2015-4926 P-1472V-11.5.10.2 P-1472V-12.1 P-1472V-12.2 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1472V-11.5.10.2 P-1472V-12.1 P-1472V-12.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.34 and prior to 5.0.10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2015-5307 P-8370V-VirtualBox prior to 4.0.36 P-8370V-prior to 4.1.44 P-8370V-prior to 4.2.36 P-8370V-prior to 4.3.34 P-8370V-prior to 5.0.10 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8370V-VirtualBox prior to 4.0.36 P-8370V-prior to 4.1.44 P-8370V-prior to 4.2.36 P-8370V-prior to 4.3.34 P-8370V-prior to 5.0.10 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2015-6013 P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2015-6014 P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2015-6015 P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.34 and prior to 5.0.10. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data as well as read access to a subset of Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2015-7183 P-8370V-VirtualBox prior to 4.0.36 P-8370V-prior to 4.1.44 P-8370V-prior to 4.2.36 P-8370V-prior to 4.3.34 P-8370V-prior to 5.0.10 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8370V-VirtualBox prior to 4.0.36 P-8370V-prior to 4.1.44 P-8370V-prior to 4.2.36 P-8370V-prior to 4.3.34 P-8370V-prior to 5.0.10 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data as well as read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). Fix has been released CVE-2015-7575 P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65; JRockit: R28.3.8 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65; JRockit: R28.3.8 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.45 and earlier and 5.6.26 and earlier. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). Fix has been released CVE-2015-7744 P-8478V-5.5.45 and earlier P-8478V-5.6.26 and earlier 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.45 and earlier P-8478V-5.6.26 and earlier Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.34 and prior to 5.0.10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). Fix has been released CVE-2015-8104 P-8370V-VirtualBox prior to 4.0.36 P-8370V-prior to 4.1.44 P-8370V-prior to 4.2.36 P-8370V-prior to 4.3.34 P-8370V-prior to 5.0.10 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8370V-VirtualBox prior to 4.0.36 P-8370V-prior to 4.1.44 P-8370V-prior to 4.2.36 P-8370V-prior to 4.3.34 P-8370V-prior to 5.0.10 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2015-8126 P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Grub2). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). Fix has been released CVE-2015-8370 P-10006V-11 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Scheduler). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0401 P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0402 P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Utilities). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via SMB. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2016-0403 P-10006V-11 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Oracle Identity Federation component of Oracle Fusion Middleware (subcomponent: Admin). The supported version that is affected is 11.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Federation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0404 P-1741V-11.1.2.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1741V-11.1.2.2 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster Manageability and Serviceability). Supported versions that are affected are 3.3 and 4. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2016-0405 P-10005V-3.3 P-10005V-4 1.7 AV:L/AC:L/Au:S/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10005V-3.3 P-10005V-4 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Libc Library). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). Fix has been released CVE-2016-0406 P-10006V-11 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Switzerland component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Global Payroll Switzerland accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2016-0409 P-5068V-9.1 P-5068V-9.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5068V-9.1 P-5068V-9.2 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1 and 11.2.0.4. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of Enterprise Manager Base Platform possibly including arbitrary code execution within the Enterprise Manager Base Platform. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2016-0411 P-1370V-11.1.0.1 P-1370V-11.2.0.4 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-11.1.0.1 P-1370V-11.2.0.4 Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM eProcurement accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2016-0412 P-5118V-9.1 P-5118V-9.2 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5118V-9.1 P-5118V-9.2 Vulnerability in the Oracle Identity Federation component of Oracle Fusion Middleware (subcomponent: Federation protocol support). The supported version that is affected is 11.1.1.7. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Identity Federation accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P+/A:N). Fix has been released CVE-2016-0413 P-1741V-11.1.1.7 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1741V-11.1.1.7 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2016-0414 P-10006V-11 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 11.1.0.1, 12.1.0.4 and 12.1.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). Fix has been released CVE-2016-0415 P-1370V-11.1.0.1 P-1370V-12.1.0.4 P-1370V-12.1.0.5 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-11.1.0.1 P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: System Archive Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0416 P-10006V-11 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris Cluster accessible data as well as read access to a subset of Solaris Cluster accessible data and ability to cause a partial denial of service (partial DOS) of Solaris Cluster. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2016-0417 P-10005V-3.3 P-10005V-4.2 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10005V-3.3 P-10005V-4.2 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data and read access to a subset of Solaris accessible data. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:C). Fix has been released CVE-2016-0418 P-10006V-11 6.1 AV:L/AC:L/Au:N/C:P/I:P/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2016-0419 P-10006V-11 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2016-0420 P-4781V-9.1 P-4781V-9.2 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4781V-9.1 P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics SEC). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2016-0421 P-4781V-9.1 P-4781V-9.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4781V-9.1 P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). Fix has been released CVE-2016-0422 P-4781V-9.1 P-4781V-9.2 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4781V-9.1 P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 9.1 and 9.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location and ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:P). Oracle Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:P+). Fix has been released CVE-2016-0423 P-4781V-9.1 P-4781V-9.2 7.3 AV:N/AC:H/Au:N/C:C/I:C/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4781V-9.1 P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). Fix has been released CVE-2016-0424 P-4781V-9.1 P-4781V-9.2 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4781V-9.1 P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of JD Edwards EnterpriseOne Tools possibly including arbitrary code execution within the JD Edwards EnterpriseOne Tools. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:P+/I:P+/A:P+). Fix has been released CVE-2016-0425 P-4781V-9.1 P-4781V-9.2 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4781V-9.1 P-4781V-9.2 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 3.6 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:P). Fix has been released CVE-2016-0426 P-10006V-11 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2016-0427 P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2016-0428 P-10006V-11 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Scheduler). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0429 P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL Support). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0430 P-1059V-11.1.1.7.0 P-1059V-11.1.1.9.0 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1059V-11.1.1.7.0 P-1059V-11.1.1.9.0 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite. CVSS Base Score 1.2 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:P). Fix has been released CVE-2016-0431 P-10006V-11 1.2 AV:L/AC:H/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2016-0432 P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL Support). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0433 P-1059V-11.1.1.9.0 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1059V-11.1.1.9.0 Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0434 P-2017V-13.4 P-2017V-14.0 P-2017V-14.1 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2017V-13.4 P-2017V-14.0 P-2017V-14.1 Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Retail Point-of-Service accessible data as well as read access to all Oracle Retail Point-of-Service accessible data. CVSS Base Score 3.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:L/AC:M/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0435 P-2017V-13.4 P-2017V-14.0 P-2017V-14.1 3.3 AV:L/AC:M/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2017V-13.4 P-2017V-14.0 P-2017V-14.1 Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0436 P-2017V-13.4 P-2017V-14.0 P-2017V-14.1 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2017V-13.4 P-2017V-14.0 P-2017V-14.1 Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0437 P-2017V-13.4 P-2017V-14.0 P-2017V-14.1 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2017V-13.4 P-2017V-14.0 P-2017V-14.1 Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0438 P-2017V-13.4 P-2017V-14.0 P-2017V-14.1 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2017V-13.4 P-2017V-14.0 P-2017V-14.1 Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL Support). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0439 P-1059V-11.1.1.7.0 P-1059V-11.1.1.9.0 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1059V-11.1.1.7.0 P-1059V-11.1.1.9.0 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via NFS. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2016-0440 P-10006V-11 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Embedded Server). The supported version that is affected is 3.1.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location and ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GlassFish Server. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:P). Oracle Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:P+). Fix has been released CVE-2016-0441 P-8493V-3.1.2 6.8 AV:N/AC:H/Au:S/C:C/I:C/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8493V-3.1.2 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Loader Service). Supported versions that are affected are 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Base Platform as well as update, insert or delete access to some Enterprise Manager Base Platform accessible data and read access to a subset of Enterprise Manager Base Platform accessible data. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P+). Fix has been released CVE-2016-0442 P-1370V-12.1.0.4 P-1370V-12.1.0.5 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 12.1.0.4 and 12.1.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2016-0443 P-1370V-11.1.0.1 P-1370V-12.1.0.4 P-1370V-12.1.0.5 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-11.1.0.1 P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to all Enterprise Manager Base Platform accessible data as well as update, insert or delete access to some Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:P+/I:P/A:P). Fix has been released CVE-2016-0444 P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4, 12.1.0.5 and . Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of Enterprise Manager Base Platform possibly including arbitrary code execution within the Enterprise Manager Base Platform. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2016-0445 P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to all Enterprise Manager Base Platform accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:L/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2016-0446 P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2016-0447 P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2016-0448 P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform . CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). Fix has been released CVE-2016-0449 P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Supported versions that are affected are 11.2 and 12.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Golden Gate. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2016-0450 P-5757V-11.2 P-5757V-12.1.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5757V-11.2 P-5757V-12.1.2 Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Supported versions that are affected are 11.2 and 12.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Golden Gate. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS score is 10.0 only on Windows for Database versions prior to 12c. The CVSS is 7.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2016-0451 P-5757V-11.2 P-5757V-12.1.2 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5757V-11.2 P-5757V-12.1.2 Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Supported versions that are affected are 11.2 and 12.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Golden Gate. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS score is 10.0 only on Windows for Database versions prior to 12c. The CVSS is 7.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2016-0452 P-5757V-11.2 P-5757V-12.1.2 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5757V-11.2 P-5757V-12.1.2 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Embedded Server). The supported version that is affected is 3.1.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data. CVSS Base Score 1.8 (Integrity impacts). CVSS V2 Vector: (AV:A/AC:H/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:A/AC:H/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0453 P-8493V-3.1.2 1.8 AV:A/AC:H/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8493V-3.1.2 Vulnerability in the Oracle Mobile Application Servlet component of Oracle E-Business Suite (subcomponent: MWA Server Manager). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Mobile Application Servlet accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0454 P-995V-12.1 P-995V-12.2 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-995V-12.1 P-995V-12.2 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to any arbitrary Operating System location and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS Base Score 5.2 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:P). Fix has been released CVE-2016-0455 P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 5.2 AV:L/AC:L/Au:S/C:C/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1370V-11.1.0.1 P-1370V-11.2.0.4 P-1370V-12.1.0.4 P-1370V-12.1.0.5 Vulnerability in the Application Mgmt Pack for E-Business Suite component of Oracle E-Business Suite (subcomponent: REST Framework). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Application Mgmt Pack for E-Business Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0456 P-2294V-12.1 P-2294V-12.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2294V-12.1 P-2294V-12.2 Vulnerability in the Application Mgmt Pack for E-Business Suite component of Oracle E-Business Suite (subcomponent: REST Framework). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Application Mgmt Pack for E-Business Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0457 P-2294V-12.1 P-2294V-12.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2294V-12.1 P-2294V-12.2 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel DAX). The supported version that is affected is 11. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:C). Fix has been released CVE-2016-0458 P-10006V-11 4.0 AV:L/AC:H/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup Windows). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2016-0459 P-1472V-11.5.10.2 P-1472V-12.1.3 P-1472V-12.2.3 P-1472V-12.2.4 P-1472V-12.2.5 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1472V-11.5.10.2 P-1472V-12.1.3 P-1472V-12.2.3 P-1472V-12.2.4 P-1472V-12.2.5 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Homepage and NavBar). The supported version that is affected is 8.55. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0460 P-5085V-8.55 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5085V-8.55 Vulnerability in the XDB - XML Database component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XDB - XML Database. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Fix has been released CVE-2016-0461 P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2016-0462 P-5085V-8.53 P-5085V-8.54 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5085V-8.53 P-5085V-8.54 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.53, 8.54 and 8.55. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0463 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS-Console). Supported versions that are affected are 10.3.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0464 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Resource Group Manager). Supported versions that are affected are 3.3 and 4. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). Fix has been released CVE-2016-0465 P-10005V-3.3 P-10005V-4 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10005V-3.3 P-10005V-4 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2016-0466 P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65; JRockit: R28.3.8 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65; JRockit: R28.3.8 Vulnerability in the Security component of Oracle Database Server. This vulnerability requires Create Session, Create Java Source privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Security accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2016-0467 P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data as well as read access to a subset of Oracle BI Publisher accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2016-0470 P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.0.0 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.53 and 8.54. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0471 P-5085V-8.53 P-5085V-8.54 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5085V-8.53 P-5085V-8.54 Vulnerability in the XDB - XML Database component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to all XDB - XML Database accessible data and ability to cause a partial denial of service (partial DOS) of XDB - XML Database. CVSS Base Score 5.5 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:N/A:P). Fix has been released CVE-2016-0472 P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 5.5 AV:N/AC:L/Au:S/C:P/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2016-0473 P-5085V-8.54 P-5085V-8.55 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5085V-8.54 P-5085V-8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2016-0474 P-5085V-8.54 P-5085V-8.55 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5085V-8.54 P-5085V-8.55 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data as well as read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Fix has been released CVE-2016-0475 P-856V-Java SE: 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-856V-Java SE: 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2016-0476 P-4622V-12.4.0.2 P-4622V-12.5.0.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2016-0477 P-4622V-12.4.0.2 P-4622V-12.5.0.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2016-0478 P-4622V-12.4.0.2 P-4622V-12.5.0.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0480 P-4622V-12.4.0.2 P-4622V-12.5.0.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0481 P-4622V-12.4.0.2 P-4622V-12.5.0.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0482 P-4622V-12.4.0.2 P-4622V-12.5.0.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2016-0483 P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65; JRockit: R28.3.8 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65; JRockit: R28.3.8 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2016-0484 P-4622V-12.4.0.2 P-4622V-12.5.0.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0485 P-4622V-12.4.0.2 P-4622V-12.5.0.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:N/A:N). Fix has been released CVE-2016-0486 P-4622V-12.4.0.2 P-4622V-12.5.0.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2016-0487 P-4622V-12.4.0.2 P-4622V-12.5.0.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2016-0488 P-4622V-12.4.0.2 P-4622V-12.5.0.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). Fix has been released CVE-2016-0489 P-4622V-12.4.0.2 P-4622V-12.5.0.2 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2016-0490 P-4622V-12.4.0.2 P-4622V-12.5.0.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Application Testing Suite accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P+/A:P). Fix has been released CVE-2016-0491 P-4622V-12.4.0.2 P-4622V-12.5.0.2 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2016-0492 P-4622V-12.4.0.2 P-4622V-12.5.0.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Cryptography). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). Fix has been released CVE-2016-0493 P-10006V-11 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2016-0494 P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-856V-Java SE: 6u105 P-856V-7u91 P-856V-8u66; Java SE Embedded: 8u65 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.3.36 and prior to 5.0.14. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2016-0495 P-8370V-VirtualBox prior to 4.3.36 P-8370V-prior to 5.0.14 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8370V-VirtualBox prior to 4.3.36 P-8370V-prior to 5.0.14 Vulnerability in the MICROS CWDirect component of Oracle Retail Applications (subcomponent: Order Entry). Supported versions that are affected are 12.5, 13.0, 14.0, 15.0, 16.0 and 17.0 18.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of MICROS CWDirect accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0496 P-11547V-12.5 P-11547V-13.0 P-11547V-14.0 P-11547V-15.0 P-11547V-16.0 P-11547V-17.018.0 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-11547V-12.5 P-11547V-13.0 P-11547V-14.0 P-11547V-15.0 P-11547V-16.0 P-11547V-17.018.0 Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 6.1.2.2, 6.1.3.0 and 6.2.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile Engineering Data Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0497 P-4436V-6.1.2.2 P-4436V-6.1.3.0 P-4436V-6.2.0.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4436V-6.1.2.2 P-4436V-6.1.3.0 P-4436V-6.2.0.0 Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Install). Supported versions that are affected are 6.1.2.2, 6.1.3.0 and 6.2.0.0. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to all Oracle Agile Engineering Data Management accessible data. CVSS Base Score 1.5 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:M/Au:S/C:P+/I:N/A:N). Fix has been released CVE-2016-0498 P-4436V-6.1.2.2 P-4436V-6.1.3.0 P-4436V-6.2.0.0 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-4436V-6.1.2.2 P-4436V-6.1.3.0 P-4436V-6.2.0.0 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS score is 9.0 only on Windows for Database versions prior to 12<i>c</i>. The CVSS is 6.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12<i>c</i> on Windows and for all versions of Database on Linux, Unix and other platforms. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Fix has been released CVE-2016-0499 P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 Vulnerability in the Oracle Retail Order Broker Cloud Service component of Oracle Retail Applications (subcomponent: System Administration). Supported versions that are affected are 4.0 and 4.1.. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Order Broker Cloud Service possibly including arbitrary code execution within the Oracle Retail Order Broker Cloud Service. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2016-0500 P-11520V-4.0 P-11520V-4.1. 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-11520V-4.0 P-11520V-4.1. Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Core). The supported version that is affected is 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via WebSocket. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Secure Global Desktop. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2016-0501 P-8539V-5.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8539V-5.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.31 and earlier and 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0502 P-8478V-5.5.31 and earlier P-8478V-5.6.11 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.31 and earlier P-8478V-5.6.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0503 P-8478V-5.6.27 and earlier P-8478V-5.7.9 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2016-0504 P-8478V-5.6.27 and earlier P-8478V-5.7.9 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2016-0505 P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the Oracle Retail Order Management System Cloud Service component of Oracle Retail Applications (subcomponent: Order Entry). Supported versions that are affected are 3.5, 4.5, 4.7, 5.0 and 15.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Order Management System Cloud Service accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0506 P-11519V-3.5 P-11519V-4.5 P-11519V-4.7 P-11519V-5.0 P-11519V-15.0 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-11519V-3.5 P-11519V-4.5 P-11519V-4.7 P-11519V-5.0 P-11519V-15.0 Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: AR Web Utilities). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iReceivables accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0507 P-1106V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1106V-11.5.10.2 Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Supported versions that are affected are 6.0 and 6.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iLearning accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0508 P-902V-6.0 P-902V-6.1 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-902V-6.0 P-902V-6.1 Vulnerability in the Oracle Internet Expenses component of Oracle E-Business Suite (subcomponent: AP Web Utilities). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Internet Expenses accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0509 P-397V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-397V-11.5.10.2 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Business Views Catalog). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0510 P-163V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-163V-11.5.10.2 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0511 P-163V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-163V-11.5.10.2 Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: Self Service - Common Modules ). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0512 P-1566V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1566V-11.5.10.2 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0513 P-1199V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0514 P-1199V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0515 P-1199V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 Vulnerability in the Oracle Quality component of Oracle E-Business Suite (subcomponent: QA / Order Management Integration). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Quality accessible data as well as read access to all Oracle Quality accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0516 P-214V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-214V-11.5.10.2 Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General utilities). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0517 P-507V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-507V-11.5.10.2 Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General utilities). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0518 P-507V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-507V-11.5.10.2 Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: AR Web Utilities). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iReceivables accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0519 P-1106V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1106V-11.5.10.2 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Java APIs). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0520 P-510V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-510V-11.5.10.2 Vulnerability in the Oracle iProcurement component of Oracle E-Business Suite (subcomponent: Redirection). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iProcurement accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0521 P-398V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-398V-11.5.10.2 Vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component of Oracle Retail Applications (subcomponent: Framework). Supported versions that are affected are 3.5, 4.5, 4.7 and 5.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Open Commerce Platform Cloud Service possibly including arbitrary code execution within the Oracle Retail Open Commerce Platform Cloud Service. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2016-0522 P-11521V-3.5 P-11521V-4.5 P-11521V-4.7 P-11521V-5.0 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-11521V-3.5 P-11521V-4.5 P-11521V-4.7 P-11521V-5.0 Vulnerability in the Oracle Interaction Blending component of Oracle E-Business Suite (subcomponent: Blending Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Interaction Blending accessible data as well as read access to all Oracle Interaction Blending accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2016-0523 P-182V-11.5.10.2 P-182V-12.1.1 P-182V-12.1.2 P-182V-12.1.3 P-182V-12.2.3 P-182V-12.2.4 P-182V-12.2.5 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-182V-11.5.10.2 P-182V-12.1.1 P-182V-12.1.2 P-182V-12.1.3 P-182V-12.2.3 P-182V-12.2.4 P-182V-12.2.5 Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Work Provider Administration). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Universal Work Queue accessible data as well as read access to all Oracle Universal Work Queue accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0524 P-778V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-778V-11.5.10.2 Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Work Provider Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Universal Work Queue accessible data as well as read access to all Oracle Universal Work Queue accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0525 P-778V-11.5.10.2 P-778V-12.1.1 P-778V-12.1.2 P-778V-12.1.3 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-778V-11.5.10.2 P-778V-12.1.1 P-778V-12.1.2 P-778V-12.1.3 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Wireless Framework). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0526 P-1199V-11.5.10.2 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2016-0527 P-1374V-12.1.1 P-1374V-12.1.2 P-1374V-12.1.3 P-1374V-12.2.3 P-1374V-12.2.4 P-1374V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1374V-12.1.1 P-1374V-12.1.2 P-1374V-12.1.3 P-1374V-12.2.3 P-1374V-12.2.4 P-1374V-12.2.5 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2016-0528 P-1374V-12.1.1 P-1374V-12.1.2 P-1374V-12.1.3 P-1374V-12.2.3 P-1374V-12.2.4 P-1374V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1374V-12.1.1 P-1374V-12.1.2 P-1374V-12.1.3 P-1374V-12.2.3 P-1374V-12.2.4 P-1374V-12.2.5 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2016-0529 P-1374V-12.1.1 P-1374V-12.1.2 P-1374V-12.1.3 P-1374V-12.2.3 P-1374V-12.2.4 P-1374V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1374V-12.1.1 P-1374V-12.1.2 P-1374V-12.1.3 P-1374V-12.2.3 P-1374V-12.2.4 P-1374V-12.2.5 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2016-0530 P-1374V-12.1.1 P-1374V-12.1.2 P-1374V-12.1.3 P-1374V-12.2.3 P-1374V-12.2.4 P-1374V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1374V-12.1.1 P-1374V-12.1.2 P-1374V-12.1.3 P-1374V-12.2.3 P-1374V-12.2.4 P-1374V-12.2.5 Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Manager accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2016-0531 P-99V-12.1.3 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-99V-12.1.3 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Security Assignments). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data as well as read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2016-0532 P-1199V-11.5.10.2 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messaging). Supported versions that are affected are 11.5.10.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0533 P-1199V-11.5.10.2 P-1199V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 P-1199V-12.1.3 Vulnerability in the Oracle Project Contracts component of Oracle E-Business Suite (subcomponent: Printing). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Project Contracts accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0534 P-799V-12.1.1 P-799V-12.1.2 P-799V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-799V-12.1.1 P-799V-12.1.2 P-799V-12.1.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via RPC. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2016-0535 P-10006V-10 P-10006V-11 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-10 P-10006V-11 Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Error Messages). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Universal Work Queue accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0536 P-778V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-778V-11.5.10.2 Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: Person). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0537 P-507V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-507V-11.5.10.2 Vulnerability in the Oracle Financial Consolidation Hub component of Oracle E-Business Suite (subcomponent: Business Intelligence). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Consolidation Hub accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0538 P-1375V-11.5.10.2 P-1375V-12.1.1 P-1375V-12.1.2 P-1375V-12.1.3 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1375V-11.5.10.2 P-1375V-12.1.1 P-1375V-12.1.2 P-1375V-12.1.3 Vulnerability in the Oracle Report Manager component of Oracle E-Business Suite (subcomponent: Report Display). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Report Manager accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0539 P-777V-11.5.10.2 P-777V-12.1.3 P-777V-12.2.3 P-777V-12.2.4 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-777V-11.5.10.2 P-777V-12.1.3 P-777V-12.2.3 P-777V-12.2.4 Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: UI Servlet). Supported versions that are affected are 11.5.10.2, 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Configurator accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0540 P-31V-11.5.10.2 P-31V-12.1 P-31V-12.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-31V-11.5.10.2 P-31V-12.1 P-31V-12.2 Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: UI Servlet). Supported versions that are affected are 11.5.10.2, 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Configurator accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0541 P-31V-11.5.10.2 P-31V-12.1 P-31V-12.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-31V-11.5.10.2 P-31V-12.1 P-31V-12.2 Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Field Service Map). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Field Service accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0542 P-747V-12.1.1 P-747V-12.1.2 P-747V-12.1.3 P-747V-12.2.3 P-747V-12.2.4 P-747V-12.2.5 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-747V-12.1.1 P-747V-12.1.2 P-747V-12.1.3 P-747V-12.2.3 P-747V-12.2.4 P-747V-12.2.5 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Preview). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Marketing accessible data as well as read access to all Oracle Marketing accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0543 P-229V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-229V-11.5.10.2 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Architecture). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Marketing accessible data as well as read access to all Oracle Marketing accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0544 P-229V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-229V-11.5.10.2 Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0545 P-390V-11.5.10.2 P-390V-12.1.1 P-390V-12.1.2 P-390V-12.1.3 P-390V-12.2.3 P-390V-12.2.4 P-390V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-390V-11.5.10.2 P-390V-12.1.1 P-390V-12.1.2 P-390V-12.1.3 P-390V-12.2.3 P-390V-12.2.4 P-390V-12.2.5 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS score is 7.2 if MySQL client is run with admin or root privileges. Otherwise, CVSS score is 4.6 (Confidentiality, Integrity and Availability is Partial+). CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2016-0546 P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0547 P-163V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-163V-11.5.10.2 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0548 P-163V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-163V-11.5.10.2 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0549 P-163V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-163V-11.5.10.2 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: CRM HTML Administration). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0550 P-1199V-11.5.10.2 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0551 P-390V-11.5.10.2 P-390V-12.1.1 P-390V-12.1.2 P-390V-12.1.3 P-390V-12.2.3 P-390V-12.2.4 P-390V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-390V-11.5.10.2 P-390V-12.1.1 P-390V-12.1.2 P-390V-12.1.3 P-390V-12.2.3 P-390V-12.2.4 P-390V-12.2.5 Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0552 P-390V-11.5.10.2 P-390V-12.1.1 P-390V-12.1.2 P-390V-12.1.3 P-390V-12.2.3 P-390V-12.2.4 P-390V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-390V-11.5.10.2 P-390V-12.1.1 P-390V-12.1.2 P-390V-12.1.3 P-390V-12.2.3 P-390V-12.2.4 P-390V-12.2.5 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Definition). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0553 P-163V-11.5.10.2 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-163V-11.5.10.2 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Business Intelligence). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Interaction Center Intelligence accessible data as well as read access to all Oracle Interaction Center Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0554 P-298V-11.5.10.2 P-298V-12.1.1 P-298V-12.1.2 P-298V-12.1.3 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-298V-11.5.10.2 P-298V-12.1.1 P-298V-12.1.2 P-298V-12.1.3 Vulnerability in the Oracle CADView-3D component of Oracle E-Business Suite (subcomponent: Studio). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CADView-3D accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0555 P-1285V-11.5.10.2 P-1285V-12.1.1 P-1285V-12.1.2 P-1285V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1285V-11.5.10.2 P-1285V-12.1.1 P-1285V-12.1.2 P-1285V-12.1.3 Vulnerability in the Oracle Advanced Collections component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Advanced Collections accessible data as well as read access to all Oracle Advanced Collections accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2016-0556 P-782V-11.5.10.2 P-782V-12.1.1 P-782V-12.1.2 P-782V-12.1.3 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-782V-11.5.10.2 P-782V-12.1.1 P-782V-12.1.2 P-782V-12.1.3 Vulnerability in the Oracle Advanced Collections component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Advanced Collections accessible data as well as read access to all Oracle Advanced Collections accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2016-0557 P-782V-11.5.10.2 P-782V-12.1.1 P-782V-12.1.2 P-782V-12.1.3 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-782V-11.5.10.2 P-782V-12.1.1 P-782V-12.1.2 P-782V-12.1.3 Vulnerability in the Oracle Service Contracts component of Oracle E-Business Suite (subcomponent: Renewals). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Service Contracts accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0558 P-432V-11.5.10.2 P-432V-12.1.1 P-432V-12.1.2 P-432V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-432V-11.5.10.2 P-432V-12.1.1 P-432V-12.1.2 P-432V-12.1.3 Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0559 P-390V-11.5.10.2 P-390V-12.1.1 P-390V-12.1.2 P-390V-12.1.3 P-390V-12.2.3 P-390V-12.2.4 P-390V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-390V-11.5.10.2 P-390V-12.1.1 P-390V-12.1.2 P-390V-12.1.3 P-390V-12.2.3 P-390V-12.2.4 P-390V-12.2.5 Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0560 P-390V-11.5.10.2 P-390V-12.1.1 P-390V-12.1.2 P-390V-12.1.3 P-390V-12.2.3 P-390V-12.2.4 P-390V-12.2.5 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-390V-11.5.10.2 P-390V-12.1.1 P-390V-12.1.2 P-390V-12.1.3 P-390V-12.2.3 P-390V-12.2.4 P-390V-12.2.5 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Definition). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2016-0561 P-163V-11.5.10.2 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-163V-11.5.10.2 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management Framework). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Common Applications accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2016-0562 P-1198V-11.5.10.2 P-1198V-12.1.1 P-1198V-12.1.2 P-1198V-12.1.3 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1198V-11.5.10.2 P-1198V-12.1.1 P-1198V-12.1.2 P-1198V-12.1.3 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Common Techstack). Supported versions that are affected are 11.5.10.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0563 P-1199V-11.5.10.2 P-1199V-12.1.3 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 P-1199V-12.1.3 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2016-0564 P-163V-11.5.10.2 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-163V-11.5.10.2 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Marketing accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0565 P-229V-11.5.10.2 P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-229V-11.5.10.2 P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Deliverables). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Marketing accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0566 P-229V-11.5.10.2 P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 P-229V-12.2.3 P-229V-12.2.4 P-229V-12.2.5 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-229V-11.5.10.2 P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 P-229V-12.2.3 P-229V-12.2.4 P-229V-12.2.5 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Embedded Data Warehouse). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle E-Business Intelligence accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0567 P-163V-11.5.10.2 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-163V-11.5.10.2 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Server Components). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Email Center accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0568 P-950V-12.1.1 P-950V-12.1.2 P-950V-12.1.3 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-950V-12.1.1 P-950V-12.1.2 P-950V-12.1.3 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle E-Business Intelligence accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0569 P-163V-11.5.10.2 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-163V-11.5.10.2 P-163V-12.1.1 P-163V-12.1.2 P-163V-12.1.3 Vulnerability in the Oracle HCM Configuration Workbench component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HCM Configuration Workbench accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0570 P-2011V-12.1.1 P-2011V-12.1.2 P-2011V-12.1.3 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-2011V-12.1.1 P-2011V-12.1.2 P-2011V-12.1.3 Vulnerability in the Oracle Balanced Scorecard component of Oracle E-Business Suite (subcomponent: Scorecard Security). Supported versions that are affected are 11.5.10.2 and 12.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Balanced Scorecard accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2016-0571 P-205V-11.5.10.2 P-205V-12.1 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-205V-11.5.10.2 P-205V-12.1 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Coherence Container). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2016-0572 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Java Messaging Service). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via JMS. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2016-0573 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2016-0574 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 Vulnerability in the Oracle Learning Management component of Oracle E-Business Suite (subcomponent: OTA Self Service). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Learning Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0575 P-937V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-937V-11.5.10.2 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: ICX LOVs). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Application Object Library accessible data as well as read access to all Oracle Application Object Library accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0576 P-510V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-510V-11.5.10.2 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via T3. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2016-0577 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technology Foundation accessible data as well as read access to all Oracle CRM Technology Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0578 P-1199V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0579 P-1199V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 Vulnerability in the Oracle Report Manager component of Oracle E-Business Suite (subcomponent: Publishing). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Report Manager. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2016-0580 P-777V-11.5.10.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-777V-11.5.10.2 Vulnerability in the Oracle Approvals Management component of Oracle E-Business Suite (subcomponent: AME Page rendering). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Approvals Management accessible data as well as read access to all Oracle Approvals Management accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0581 P-1168V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1168V-11.5.10.2 Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0582 P-1199V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0583 P-1199V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0584 P-1199V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1199V-11.5.10.2 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: ICX Error). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Object Library. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2016-0585 P-510V-11.5.10.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-510V-11.5.10.2 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0586 P-510V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-510V-11.5.10.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: File Processing). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2016-0587 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle General Ledger accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0588 P-500V-11.5.10.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-500V-11.5.10.2 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Menu). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Application Object Library accessible data as well as read access to all Oracle Application Object Library accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2016-0589 P-510V-11.5.10.2 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-510V-11.5.10.2 Vulnerability in the PeopleSoft Enterprise SCM Order Management component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM Order Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2016-0590 P-5127V-9.1 P-5127V-9.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5127V-9.1 P-5127V-9.2 Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Change). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM Purchasing accessible data as well as read access to a subset of PeopleSoft Enterprise SCM Purchasing accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2016-0591 P-5133V-9.1 P-5133V-9.2 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-5133V-9.1 P-5133V-9.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.3.36 and prior to 5.0.14. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2016-0592 P-8370V-VirtualBox prior to 4.3.36 P-8370V-prior to 5.0.14 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8370V-VirtualBox prior to 4.3.36 P-8370V-prior to 5.0.14 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0594 P-8478V-5.6.21 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.6.21 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0595 P-8478V-5.6.27 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.6.27 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.46 and earlier and 5.6.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0596 P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0597 P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0598 P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). The supported version that is affected is 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0599 P-8478V-5.7.9 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.7.9 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Fix has been released CVE-2016-0600 P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). The supported version that is affected is 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0601 P-8478V-5.7.9 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.7.9 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Windows Installer). The supported version that is affected is VirtualBox prior to 5.0.14. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). Fix has been released CVE-2016-0602 P-8370V-VirtualBox prior to 5.0.14 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8370V-VirtualBox prior to 5.0.14 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: General). Supported versions that are affected are 5.6.26 and earlier. Very difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0605 P-8478V-5.6.26 and earlier 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.6.26 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2016-0606 P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P+). Fix has been released CVE-2016-0607 P-8478V-5.6.27 and earlier P-8478V-5.7.9 2.8 AV:N/AC:M/Au:M/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0608 P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Very difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P+). Fix has been released CVE-2016-0609 P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 1.7 AV:N/AC:H/Au:M/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.46 and earlier P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.27 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0610 P-8478V-5.6.27 and earlier 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.6.27 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0611 P-8478V-5.6.27 and earlier P-8478V-5.7.9 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.6.27 and earlier P-8478V-5.7.9 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2016-0614 P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.0.0 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-1479V-11.1.1.7.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.0.0 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.46 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2016-0616 P-8478V-5.5.46 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-8478V-5.5.46 and earlier Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 1.4 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:M/C:P/I:N/A:N). Oracle Vector: (AV:L/AC:L/Au:M/C:P/I:N/A:N). Fix has been released CVE-2016-0618 P-10006V-11 1.4 AV:L/AC:L/Au:M/C:P/I:N/A:N CPUJan2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2016.html P-10006V-11