Oracle Critical Patch Update Advisory - April 2016 - Oracle CVRF Oracle Critical Patch Update Advisory CPUApr2016 Final 1.0 1.0 2016-04-19T13:00:00-07:00 Initial Distribution 2016-04-19T13:00:00-07:00 2016-04-19T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2948264.xml https://www.oracle.com/security-alerts/cpuapr2016v3.html URL to html version of Advisory Adam Willard Raytheon Foreground Security Alex Gaynor Alex Gaynor Alexander Innes Necurity Alexander Kornbrust Red Database Security Ali Tabish Ali Tabish bo13oy of CloverSec Labs Brian Martin Tenable Network Security Chen Qin Alpha Lab of Beijing Topsec Daniel Bleichenbacher of Google David Cash NCC Group David Litchfield Google Dennis Tighe Amazon Web Services IT Security Devin Rosenbauer Identity Works LLC Jacob Baines Tenable Network Security Jakub Palaczynski ING Services Polska John Page (hyp3rlinx) Joshua Maddux Joshua Maddux Kenan Gümüş Khair Alhamad Khair Alhamad Lionel Debroux Lionel Debroux Marcin Wołoszyn ING Services Polska Mark E D Thomas Mark E D Thomas Accenture TVM Prague Matias Mevied Onapsis Matthias Kaiser Code White s1x and m4xk from Docler Holding IT Security Team Muzammil Abbas Kayani Muzammil Abbas Kayani Paul Kehrer Paul Kehrer Pierre Ernst Salesforce.com Quan Nguyen Google Aleksandar Nikolic of Cisco Talos Steffen Guertler Bosch Software Innovations GmbH Sule Bekin Turk Telekom Thomas Van Tongerloo Hewlett Packard Enterprise Xmiss Moroccan bo13oy Trend Micro's Zero Day Initiative Oracle Berkeley DB Version 11.2.5.0.32 Oracle Berkeley DB Version 11.2.5.1.29 Oracle Berkeley DB Version 11.2.5.2.42 Oracle Berkeley DB Version 11.2.5.3.28 Oracle Berkeley DB Version 12.1.6.0.35 Oracle Berkeley DB Version 12.1.6.1.26 Communications User Data Repository Version 10.0.1 Oracle Database Version 11.2.0.4 Oracle Database Version 12.1.0.1 Oracle Database Version 12.1.0.2 OLAP Version 11.2.0.4 OLAP Version 12.1.0.1 OLAP Version 12.1.0.2 Application Object Library Version 12.1.3 Application Object Library Version 12.2.3 Application Object Library Version 12.2.4 Application Object Library Version 12.2.5 Field Service Version 12.1.1 Field Service Version 12.1.2 Field Service Version 12.1.3 CRM Technical Foundation Version 12.1.3 Applications Framework Version 12.1.3 Applications Framework Version 12.2.3 Applications Framework Version 12.2.4 Applications Framework Version 12.2.5 Common Applications Calendar Version 12.1.1 Common Applications Calendar Version 12.1.2 Common Applications Calendar Version 12.1.3 Application Testing Suite Version 12.4.0.2 Application Testing Suite Version 12.5.0.2 FLEXCUBE Direct Banking Version 12.0.2 FLEXCUBE Direct Banking Version 12.0.3 HTTP Server Version 12.1.2.0 BI Publisher (formerly XML Publisher) Version 12.2.1.0.0 Business Intelligence Enterprise Edition Version 11.1.1.7.0 Business Intelligence Enterprise Edition Version 11.1.1.9.0 Business Intelligence Enterprise Edition Version 12.2.1.0.0 Outside In Technology Version 8.5.0 Outside In Technology Version 8.5.1 Outside In Technology Version 8.5.2 WebLogic Server Version 10.3.6 WebLogic Server Version 12.1.2 WebLogic Server Version 12.1.3 WebLogic Server Version 12.2.1 Tuxedo Version 12.1.1.0 GlassFish Server Version 2.1.1 OpenSSO Version 3.0-0.7 iPlanet Web Proxy Server Version 4.0 iPlanet Web Server Version 7.0 API Gateway Version 11.1.2.3.0 API Gateway Version 11.1.2.4.0 Traffic Director Version 11.1.1.7.0 Traffic Director Version 11.1.1.9.0 Exalogic Infrastructure Version 1.0 Exalogic Infrastructure Version 2.0 WebCenter Sites Version 11.1.1.8.0 WebCenter Sites Version 12.2.1 Life Sciences Data Hub Version 2.1 JD Edwards EnterpriseOne Tools Version 9.1 JD Edwards EnterpriseOne Tools Version 9.2 Java Version 7u99 Java Version 8u77 Java Version 8u77; Java SE Embedded: 8u77 Java Version 8u77; Java SE Embedded: 8u77; JRockit: R28.3.9 Java Version Java SE: 6u113 Java Version Java SE: 8u77; Java SE Embedded: 8u77 MySQL Server Version 5.5.46 and earlier MySQL Server Version 5.5.47 and earlier MySQL Server Version 5.5.48 and earlier MySQL Server Version 5.6.28 and earlier MySQL Server Version 5.6.28 and earlier5.7.10 and earlier MySQL Server Version 5.6.29 and earlier MySQL Server Version 5.7.10 and earlier MySQL Server Version 5.7.11 and earlier MySQL Enterprise Monitor Version 3.0.25 and earlier MySQL Enterprise Monitor Version 3.1.2 and earlier PeopleSoft Enterprise HCM ePerformance Version 9.2 PeopleSoft Enterprise HCM Human Resources Version 9.1 PeopleSoft Enterprise HCM Human Resources Version 9.2 PeopleSoft Enterprise PT PeopleTools Version 54 PeopleSoft Enterprise PT PeopleTools Version 8 PeopleSoft Enterprise PT PeopleTools Version 8.53 PeopleSoft Enterprise PT PeopleTools Version 8.54 PeopleSoft Enterprise PT PeopleTools Version 8.55 PeopleSoft Enterprise SCM Services Procurement Version 9.1 PeopleSoft Enterprise SCM Services Procurement Version 9.2 Retail Xstore Point of Service Version 5.0 Retail Xstore Point of Service Version 5.5 Retail Xstore Point of Service Version 6.0 Retail Xstore Point of Service Version 6.5 Retail Xstore Point of Service Version 7.0 Retail Xstore Point of Service Version 7.1 MICROS ARSPOS Version 1.5 MICROS C2 Version 9.89.0.0 Siebel UI Framework Version 8.1.1 Siebel UI Framework Version 8.2.2 Siebel Core - Common Components Version 8.1.1 Siebel Core - Common Components Version 8.2.2 SPARC - OPL Service Processor (XCP) Version XCP prior to XCP 1121 OPUS 10G Ethernet Switch Family Version Versions prior to 2.0.0.6 Solaris Cluster Version 4.2 Solaris Operating System Version 10 Solaris Operating System Version 11.3 Sun Storage Common Array Manager (CAM) Version 6.9.0 Fujitsu M10 Firmware Version XCP prior to XCP2290 Configurator Version 12.1 Configurator Version 12.2 Complex Maintenance, Repair, and Overhaul Version 12.1.1 Complex Maintenance, Repair, and Overhaul Version 12.1.2 Complex Maintenance, Repair, and Overhaul Version 12.1.3 Transportation Management Version 6.1 Transportation Management Version 6.2 Agile Engineering Data Management Version 6.1.3.0 Agile Engineering Data Management Version 6.2.0.0 Agile PLM Framework Version 9.3.1.1 Agile PLM Framework Version 9.3.1.2 Agile PLM Framework Version 9.3.2 Agile PLM Framework Version 9.3.3 Sun Ray Software Version 11.1 Oracle VM VirtualBox Version VirtualBox prior to 4.3.36 Oracle VM VirtualBox Version VirtualBox prior to 5.0.16 Oracle VM VirtualBox Version VirtualBox prior to 5.0.18 Oracle VM VirtualBox Version prior to 5.0.14 Vulnerability in the Sun Storage Common Array Manager component of Oracle Sun Systems Products Suite (subcomponent: Jetty Web Server). The supported version that is affected is 6.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun Storage Common Array Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Sun Storage Common Array Manager. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2011-4461 P-10024V-6.9.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10024V-6.9.0 Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP 1121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2013-2566 P-9845V-XCP prior to XCP 1121 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9845V-XCP prior to XCP 1121 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP2290. Easily exploitable vulnerability allows unauthenticated attacker with network access via IPMI to compromise Fujitsu M10-1, M10-4, M10-4S Servers. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Fujitsu M10-1, M10-4, M10-4S Servers accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2013-4786 P-10656V-XCP prior to XCP2290 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10656V-XCP prior to XCP2290 Vulnerability in the Oracle Communications User Data Repository component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is 10.0.1. Difficult to exploit vulnerability allows low privileged attacker with network access via OpenSSH to compromise Oracle Communications User Data Repository. While the vulnerability is in Oracle Communications User Data Repository, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications User Data Repository accessible data as well as unauthorized read access to a subset of Oracle Communications User Data Repository accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N). Fix has been released CVE-2014-2532 P-11108V-10.0.1 4.9 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-11108V-10.0.1 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: GlassFish Server). The supported version that is affected is 4.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Fix has been released CVE-2014-3566 P-10005V-4.2 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10005V-4.2 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 12.2.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle BI Publisher. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2014-3576 P-1479V-12.2.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-1479V-12.2.1.0.0 Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP 1121. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2015-1789 P-9845V-XCP prior to XCP 1121 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9845V-XCP prior to XCP 1121 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: OneWorld Tools Security). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2015-1793 P-4781V-9.1 P-4781V-9.2 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-4781V-9.1 P-4781V-9.2 Vulnerability in the Oracle Ethernet Switch ES2-72, Oracle Ethernet Switch ES2-64 component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is Versions prior to 2.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Ethernet Switch ES2-72, Oracle Ethernet Switch ES2-64. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Ethernet Switch ES2-72, Oracle Ethernet Switch ES2-64 accessible data as well as unauthorized read access to a subset of Oracle Ethernet Switch ES2-72, Oracle Ethernet Switch ES2-64 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2015-1793 P-9889V-Versions prior to 2.0.0.6 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9889V-Versions prior to 2.0.0.6 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.28 and earlier and 5.7.10 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2015-3194 P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier Vulnerability in the Oracle Life Sciences Data Hub component of Oracle Health Sciences Applications (subcomponent: Open SSL). The supported version that is affected is 2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Life Sciences Data Hub. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Life Sciences Data Hub. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2015-3195 P-1710V-2.1 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-1710V-2.1 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Install). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2015-3195 P-1991V-6.1 P-1991V-6.2 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-1991V-6.1 P-1991V-6.2 Vulnerability in the Sun Ray Software component of Oracle Virtualization (subcomponent: Sun Ray Server Software). The supported version that is affected is 11.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Sun Ray Software. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun Ray Software. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2015-3195 P-8242V-11.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8242V-11.1 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.3.36 and prior to 5.0.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2015-3195 P-8370V-VirtualBox prior to 4.3.36 P-8370V-prior to 5.0.14 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8370V-VirtualBox prior to 4.3.36 P-8370V-prior to 5.0.14 Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: OAG). Supported versions that are affected are 11.1.2.3.0 and 11.1.2.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle API Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle API Gateway. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2015-3195 P-9195V-11.1.2.3.0 P-9195V-11.1.2.4.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9195V-11.1.2.3.0 P-9195V-11.1.2.4.0 Vulnerability in the Oracle Exalogic Infrastructure component of Oracle Fusion Middleware (subcomponent: Network Infra Framework). Supported versions that are affected are 1.0 and 2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Exalogic Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Exalogic Infrastructure. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2015-3195 P-9415V-1.0 P-9415V-2.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9415V-1.0 P-9415V-2.0 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.53, 8.54 and 8.55. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2015-3197 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Open SSL). The supported version that is affected is 12.1.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2015-3197 P-5433V-12.1.1.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5433V-12.1.1.0 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is VirtualBox prior to 5.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2015-3197 P-8370V-VirtualBox prior to 5.0.16 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8370V-VirtualBox prior to 5.0.16 Vulnerability in the Oracle Exalogic Infrastructure component of Oracle Fusion Middleware (subcomponent: Base Image). Supported versions that are affected are 1.0 and 2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Exalogic Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Exalogic Infrastructure accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2015-3197 P-9415V-1.0 P-9415V-2.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9415V-1.0 P-9415V-2.0 Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP 1121. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers. Successful attacks of this vulnerability can result in unauthorized read access to a subset of SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). Fix has been released CVE-2015-3238 P-9845V-XCP prior to XCP 1121 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9845V-XCP prior to XCP 1121 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Sites). Supported versions that are affected are 11.1.1.8.0 and 12.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-3253 P-9617V-11.1.1.8.0 P-9617V-12.2.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9617V-11.1.1.8.0 P-9617V-12.2.1 Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP 1121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Fix has been released CVE-2015-4000 P-9845V-XCP prior to XCP 1121 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9845V-XCP prior to XCP 1121 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-7182 P-8493V-2.1.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8493V-2.1.1 Vulnerability in the Oracle OpenSSO component of Oracle Fusion Middleware (subcomponent: Web Agents). Supported versions that are affected are 3.0-0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle OpenSSO. Successful attacks of this vulnerability can result in takeover of Oracle OpenSSO. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-7182 P-8520V-3.0-0.7 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8520V-3.0-0.7 Vulnerability in the Oracle iPlanet Web Proxy Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iPlanet Web Proxy Server. Successful attacks of this vulnerability can result in takeover of Oracle iPlanet Web Proxy Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-7182 P-8542V-4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8542V-4.0 Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iPlanet Web Server. Successful attacks of this vulnerability can result in takeover of Oracle iPlanet Web Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-7182 P-8543V-7.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8543V-7.0 Vulnerability in the Oracle Traffic Director component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Traffic Director. Successful attacks of this vulnerability can result in takeover of Oracle Traffic Director. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-7182 P-9276V-11.1.1.7.0 P-9276V-11.1.1.9.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9276V-11.1.1.7.0 P-9276V-11.1.1.9.0 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Utilities). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2015-7236 P-10006V-10 P-10006V-11.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10006V-10 P-10006V-11.3 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Install). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-7501 P-4622V-12.4.0.2 P-4622V-12.5.0.2 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-4622V-12.4.0.2 P-4622V-12.5.0.2 Vulnerability in the Oracle Exalogic Infrastructure component of Oracle Fusion Middleware (subcomponent: Base Image). Supported versions that are affected are 1.0 and 2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Exalogic Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Exalogic Infrastructure. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-7547 P-9415V-1.0 P-9415V-2.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9415V-1.0 P-9415V-2.0 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP2290. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Fujitsu M10-1, M10-4, M10-4S Servers. Successful attacks of this vulnerability can result in takeover of Fujitsu M10-1, M10-4, M10-4S Servers. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-7547 P-10656V-XCP prior to XCP2290 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10656V-XCP prior to XCP2290 Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Fusion HR Talent Integration). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-0407 P-5071V-9.1 P-5071V-9.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5071V-9.1 P-5071V-9.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-0408 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-0468 P-2025V-11.1.1.7.0 P-2025V-11.1.1.9.0 P-2025V-12.2.1.0.0 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-2025V-11.1.1.7.0 P-2025V-11.1.1.9.0 P-2025V-12.2.1.0.0 Vulnerability in the Oracle Retail MICROS C2 component of Oracle Retail Applications (subcomponent: POS). The supported version that is affected is 9.89.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail MICROS C2 executes to compromise Oracle Retail MICROS C2. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail MICROS C2 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-0469 P-12776V-9.89.0.0 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-12776V-9.89.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Scorecard). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-0479 P-2025V-11.1.1.7.0 P-2025V-11.1.1.9.0 P-2025V-12.2.1.0.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-2025V-11.1.1.7.0 P-2025V-11.1.1.9.0 P-2025V-12.2.1.0.0 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automated Installer). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Fix has been released CVE-2016-0623 P-10006V-11.3 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10006V-11.3 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Java Messaging Service). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via JMS to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0638 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Authentication). Supported versions that are affected are 5.6.29 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0639 P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.47 and earlier, 5.6.28 and earlier and 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). Fix has been released CVE-2016-0640 P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier 6.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.47 and earlier, 5.6.28 and earlier and 5.7.10 and earlier. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H). Fix has been released CVE-2016-0641 P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier 5.1 AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Federated). Supported versions that are affected are 5.5.48 and earlier, 5.6.29 and earlier and 5.7.11 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). Fix has been released CVE-2016-0642 P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier 4.7 AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.48 and earlier, 5.6.29 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2016-0643 P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.47 and earlier, 5.6.28 and earlier and 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0644 P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.47 and earlier, 5.6.28 and earlier and 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0646 P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.5.48 and earlier, 5.6.29 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0647 P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.5.48 and earlier, 5.6.29 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0648 P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.5.47 and earlier, 5.6.28 and earlier and 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0649 P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.47 and earlier, 5.6.28 and earlier and 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0650 P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.47 and earlier P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.46 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0651 P-8478V-5.5.46 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.46 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0652 P-8478V-5.7.10 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0653 P-8478V-5.7.10 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0654 P-8478V-5.7.10 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.29 and earlier and 5.7.11 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0655 P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0656 P-8478V-5.7.10 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-0657 P-8478V-5.7.11 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0658 P-8478V-5.7.10 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0659 P-8478V-5.7.11 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.28 and earlier and 5.7.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0661 P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.6.28 and earlier P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0662 P-8478V-5.7.11 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0663 P-8478V-5.7.10 and earlier 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.28 and earlier 5.7.10 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0665 P-8478V-5.6.28 and earlier5.7.10 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.6.28 and earlier5.7.10 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.48 and earlier, 5.6.29 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0666 P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.7.11 and earlier. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0667 P-8478V-5.7.11 and earlier 4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.28 and earlier 5.7.10 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0668 P-8478V-5.6.28 and earlier5.7.10 and earlier 4.1 AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.6.28 and earlier5.7.10 and earlier Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Fwflash). The supported version that is affected is 11.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 6.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). Fix has been released CVE-2016-0669 P-10006V-11.3 6.0 AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10006V-11.3 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). The supported version that is affected is 12.1.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2016-0671 P-1042V-12.1.2.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-1042V-12.1.2.0 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-0672 P-9111V-12.0.2 P-9111V-12.0.3 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9111V-12.0.2 P-9111V-12.0.3 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-0673 P-9011V-8.1.1 P-9011V-8.2.2 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9011V-8.1.1 P-9011V-8.2.2 Vulnerability in the Siebel Core - Common Components component of Oracle Siebel CRM (subcomponent: Email). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel Core - Common Components executes to compromise Siebel Core - Common Components. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Core - Common Components accessible data as well as unauthorized read access to a subset of Siebel Core - Common Components accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2016-0674 P-9747V-8.1.1 P-9747V-8.2.2 4.4 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9747V-8.1.1 P-9747V-8.2.2 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-0675 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0676 P-10006V-10 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10006V-10 Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-0677 P-5V-12.1.0.1 P-5V-12.1.0.2 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5V-12.1.0.1 P-5V-12.1.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is VirtualBox prior to 5.0.18. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0678 P-8370V-VirtualBox prior to 5.0.18 6.7 AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8370V-VirtualBox prior to 5.0.18 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Grids). Supported versions that are affected are 8.53, 8,54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H). Fix has been released CVE-2016-0679 P-5085V-8.53 P-5085V-8 P-5085V-54 P-5085V-8.55 8.7 AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8 P-5085V-54 P-5085V-8.55 Vulnerability in the PeopleSoft Enterprise SCM component of Oracle PeopleSoft Products (subcomponent: Services Procurement). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2016-0680 P-5135V-9.1 P-5135V-9.2 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5135V-9.1 P-5135V-9.2 Vulnerability in the Oracle OLAP component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Execute on DBMS_AW privilege with logon to the infrastructure where Oracle OLAP executes to compromise Oracle OLAP. Successful attacks of this vulnerability can result in takeover of Oracle OLAP. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0681 P-1163V-11.2.0.4 P-1163V-12.1.0.1 P-1163V-12.1.0.2 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-1163V-11.2.0.4 P-1163V-12.1.0.1 P-1163V-12.1.0.2 Vulnerability in the DataStore component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35 and 12.1.6.1.26. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where DataStore executes to compromise DataStore. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of DataStore. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0682 P-2051V-11.2.5.0.32 P-2051V-11.2.5.1.29 P-2051V-11.2.5.2.42 P-2051V-11.2.5.3.28 P-2051V-12.1.6.0.35 P-2051V-12.1.6.1.26 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-2051V-11.2.5.0.32 P-2051V-11.2.5.1.29 P-2051V-11.2.5.2.42 P-2051V-11.2.5.3.28 P-2051V-12.1.6.0.35 P-2051V-12.1.6.1.26 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Search Framework). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-0683 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Oracle Retail MICROS ARS POS component of Oracle Retail Applications (subcomponent: POS). The supported version that is affected is 1.5. Easily exploitable vulnerability allows low privileged attacker with network access via Oracle Net to compromise Oracle Retail MICROS ARS POS. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail MICROS ARS POS accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-0684 P-12775V-1.5 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-12775V-1.5 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: File Processing). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-0685 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u113, 7u99 and 8u77; Java SE Embedded: 8u77. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2016-0686 P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77; Java SE Embedded: 8u77 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77; Java SE Embedded: 8u77 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u113, 7u99 and 8u77; Java SE Embedded: 8u77. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2016-0687 P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77; Java SE Embedded: 8u77 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77; Java SE Embedded: 8u77 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Fix has been released CVE-2016-0688 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 Vulnerability in the DataStore component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35 and 12.1.6.1.26. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where DataStore executes to compromise DataStore. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of DataStore. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0689 P-2051V-11.2.5.0.32 P-2051V-11.2.5.1.29 P-2051V-11.2.5.2.42 P-2051V-11.2.5.3.28 P-2051V-12.1.6.0.35 P-2051V-12.1.6.1.26 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-2051V-11.2.5.0.32 P-2051V-11.2.5.1.29 P-2051V-11.2.5.2.42 P-2051V-11.2.5.3.28 P-2051V-12.1.6.0.35 P-2051V-12.1.6.1.26 Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Fix has been released CVE-2016-0690 P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Fix has been released CVE-2016-0691 P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 Vulnerability in the DataStore component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35 and 12.1.6.1.26. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where DataStore executes to compromise DataStore. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of DataStore. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0692 P-2051V-11.2.5.0.32 P-2051V-11.2.5.1.29 P-2051V-11.2.5.2.42 P-2051V-11.2.5.3.28 P-2051V-12.1.6.0.35 P-2051V-12.1.6.1.26 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-2051V-11.2.5.0.32 P-2051V-11.2.5.1.29 P-2051V-11.2.5.2.42 P-2051V-11.2.5.3.28 P-2051V-12.1.6.0.35 P-2051V-12.1.6.1.26 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: PAM LDAP module). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0693 P-10006V-10 P-10006V-11.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10006V-10 P-10006V-11.3 Vulnerability in the DataStore component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35 and 12.1.6.1.26. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where DataStore executes to compromise DataStore. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of DataStore. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0694 P-2051V-11.2.5.0.32 P-2051V-11.2.5.1.29 P-2051V-11.2.5.2.42 P-2051V-11.2.5.3.28 P-2051V-12.1.6.0.35 P-2051V-12.1.6.1.26 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-2051V-11.2.5.0.32 P-2051V-11.2.5.1.29 P-2051V-11.2.5.2.42 P-2051V-11.2.5.3.28 P-2051V-12.1.6.0.35 P-2051V-12.1.6.1.26 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u113, 7u99 and 8u77; Java SE Embedded: 8u77; JRockit: R28.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of JSSE. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-0695 P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77; Java SE Embedded: 8u77; JRockit: R28.3.9 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77; Java SE Embedded: 8u77; JRockit: R28.3.9 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). The supported version that is affected is 10.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). Fix has been released CVE-2016-0696 P-5242V-10.3.6 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5242V-10.3.6 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: DB Privileges). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2016-0697 P-510V-12.1.3 P-510V-12.2.3 P-510V-12.2.4 P-510V-12.2.5 6.0 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-510V-12.1.3 P-510V-12.2.3 P-510V-12.2.4 P-510V-12.2.5 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-0698 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2016-0699 P-9111V-12.0.2 P-9111V-12.0.3 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9111V-12.0.2 P-9111V-12.0.3 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-0700 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.6.29 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0705 P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.5.48 and earlier, 5.6.29 and earlier and 5.7.11 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Fix has been released CVE-2016-2047 P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8478V-5.5.48 and earlier P-8478V-5.6.29 and earlier P-8478V-5.7.11 and earlier Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-3416 P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5242V-10.3.6 P-5242V-12.1.2 P-5242V-12.1.3 P-5242V-12.2.1 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-3417 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the DataStore component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35 and 12.1.6.1.26. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where DataStore executes to compromise DataStore. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of DataStore. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-3418 P-2051V-11.2.5.0.32 P-2051V-11.2.5.1.29 P-2051V-11.2.5.2.42 P-2051V-11.2.5.3.28 P-2051V-12.1.6.0.35 P-2051V-12.1.6.1.26 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-2051V-11.2.5.0.32 P-2051V-11.2.5.1.29 P-2051V-11.2.5.2.42 P-2051V-11.2.5.3.28 P-2051V-12.1.6.0.35 P-2051V-12.1.6.1.26 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2016-3419 P-10006V-10 P-10006V-11.3 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10006V-10 P-10006V-11.3 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.1.1, 9.3.1.2, 9.3.2 and 9.3.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. While the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-3420 P-4461V-9.3.1.1 P-4461V-9.3.1.2 P-4461V-9.3.2 P-4461V-9.3.3 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-4461V-9.3.1.1 P-4461V-9.3.1.2 P-4461V-9.3.2 P-4461V-9.3.3 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L). Fix has been released CVE-2016-3421 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 7.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u113, 7u99 and 8u77. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Fix has been released CVE-2016-3422 P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-3423 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u113, 7u99 and 8u77; Java SE Embedded: 8u77; JRockit: R28.3.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2016-3425 P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77; Java SE Embedded: 8u77; JRockit: R28.3.9 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77; Java SE Embedded: 8u77; JRockit: R28.3.9 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u77; Java SE Embedded: 8u77. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Fix has been released CVE-2016-3426 P-856V-Java SE: 8u77; Java SE Embedded: 8u77 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-856V-Java SE: 8u77; Java SE Embedded: 8u77 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u113, 7u99 and 8u77; Java SE Embedded: 8u77; JRockit: R28.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2016-3427 P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77; Java SE Embedded: 8u77; JRockit: R28.3.9 9.0 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77; Java SE Embedded: 8u77; JRockit: R28.3.9 Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Engineering Communication Interface). Supported versions that are affected are 6.1.3.0 and 6.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Agile Engineering Data Management executes to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile Engineering Data Management. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2016-3428 P-4436V-6.1.3.0 P-4436V-6.2.0.0 3.1 AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-4436V-6.1.3.0 P-4436V-6.2.0.0 Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Services). Supported versions that are affected are 5.0, 5.5, 6.0, 6.5, 7.0 and 7.1. Difficult to exploit vulnerability allows physical access to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data. CVSS 3.0 Base Score 4.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N). Fix has been released CVE-2016-3429 P-11513V-5.0 P-11513V-5.5 P-11513V-6.0 P-11513V-6.5 P-11513V-7.0 P-11513V-7.1 4.5 AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-11513V-5.0 P-11513V-5.5 P-11513V-6.0 P-11513V-6.5 P-11513V-7.0 P-11513V-7.1 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.1.1, 9.3.1.2, 9.3.2 and 9.3.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. While the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-3431 P-4461V-9.3.1.1 P-4461V-9.3.1.2 P-4461V-9.3.2 P-4461V-9.3.3 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-4461V-9.3.1.1 P-4461V-9.3.1.2 P-4461V-9.3.2 P-4461V-9.3.3 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logout). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Fix has been released CVE-2016-3434 P-510V-12.1.3 P-510V-12.2.3 P-510V-12.2.4 P-510V-12.2.5 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-510V-12.1.3 P-510V-12.2.3 P-510V-12.2.4 P-510V-12.2.5 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L). Fix has been released CVE-2016-3435 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Tasks). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2016-3436 P-1528V-12.1.1 P-1528V-12.1.2 P-1528V-12.1.3 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-1528V-12.1.1 P-1528V-12.1.2 P-1528V-12.1.3 Vulnerability in the Oracle CRM Wireless component of Oracle E-Business Suite (subcomponent: Person Address Page). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Wireless. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Wireless, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Wireless accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Wireless accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2016-3437 P-1199V-12.1.3 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-1199V-12.1.3 Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: JRAD Heartbeat). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data as well as unauthorized update, insert or delete access to some of Oracle Configurator accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2016-3438 P-31V-12.1 P-31V-12.2 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-31V-12.1 P-31V-12.2 Vulnerability in the Oracle CRM Wireless component of Oracle E-Business Suite (subcomponent: Call Phone Number Page). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Wireless. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Wireless, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Wireless accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Wireless accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2016-3439 P-1199V-12.1.3 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-1199V-12.1.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-3441 P-10006V-10 P-10006V-11.3 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10006V-10 P-10006V-11.3 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-3442 P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5085V-8.53 P-5085V-8.54 P-5085V-8.55 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u113, 7u99 and 8u77. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2016-3443 P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: OAF Core). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2016-3447 P-1472V-12.1.3 P-1472V-12.2.3 P-1472V-12.2.4 P-1472V-12.2.5 6.9 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-1472V-12.1.3 P-1472V-12.2.3 P-1472V-12.2.4 P-1472V-12.2.5 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u113, 7u99 and 8u77. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2016-3449 P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77 8.3 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-856V-Java SE: 6u113 P-856V-7u99 P-856V-8u77 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. Note: The CVSS score is 7.6 only on Windows for Database versions prior to 12c. The CVSS is 5.1 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2016-3454 P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 9.0 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5V-11.2.0.4 P-5V-12.1.0.1 P-5V-12.1.0.2 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. The score here assumes that the hosting software passes data received over the network to Outside In Technology code. In any other cases, the scores could be lower than this. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). Fix has been released CVE-2016-3455 P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-2276V-8.5.0 P-2276V-8.5.1 P-2276V-8.5.2 Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component of Oracle Supply Chain Products Suite (subcomponent: Dialog Box). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2016-3456 P-1184V-12.1.1 P-1184V-12.1.2 P-1184V-12.1.3 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-1184V-12.1.1 P-1184V-12.1.2 P-1184V-12.1.3 Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM ePerformance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM ePerformance accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM ePerformance accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). Fix has been released CVE-2016-3457 P-5050V-9.2 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5050V-9.2 Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: ePerformance). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2016-3460 P-5050V-9.2 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-5050V-9.2 Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.0.25 and earlier and 3.1.2 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-3461 P-8480V-3.0.25 and earlier P-8480V-3.1.2 and earlier 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-8480V-3.0.25 and earlier P-8480V-3.1.2 and earlier Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Configuration Service). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-3462 P-10006V-11.3 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10006V-11.3 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). The supported version that is affected is 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2016-3463 P-9111V-12.0.3 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9111V-12.0.3 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Accounts). The supported version that is affected is 12.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). Fix has been released CVE-2016-3464 P-9111V-12.0.3 5.7 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-9111V-12.0.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZFS). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-3465 P-10006V-10 P-10006V-11.3 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-10006V-10 P-10006V-11.3 Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Field Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Field Service accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2016-3466 P-747V-12.1.1 P-747V-12.1.2 P-747V-12.1.3 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUApr2016 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuapr2016v3.html P-747V-12.1.1 P-747V-12.1.2 P-747V-12.1.3