Oracle Security Alert for CVE-2017-9805 - Oracle CVRF Oracle Security Alert CVE-2017-9805 Final 1.0 1.0 2017-09-21T13:00:00-07:00 Initial Distribution 2017-09-21T13:00:00-07:00 2017-09-21T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3889418.xml https://www.oracle.com/security-alerts/alert-cve-2017-9805.html URL to html version of Advisory Communications Policy Management Version 11.5 Communications Policy Management Version 12.x Financial Services Enterprise Financial Performance Analytics Version 8.0.0 to 8.0.5 Financial Services Profitability Management Version 6.0.0 Financial Services Profitability Management Version 6.1.0 Financial Services Profitability Management Version 6.1.1 Financial Services Profitability Management Version 8.0.1 Financial Services Profitability Management Version 8.0.2 Financial Services Profitability Management Version 8.0.3 Financial Services Profitability Management Version 8.0.4 Financial Services Profitability Management Version 8.0.5 Financial Services Funds Transfer Pricing Version 6.0.0 Financial Services Funds Transfer Pricing Version 6.1.0 Financial Services Funds Transfer Pricing Version 6.1.1 Financial Services Funds Transfer Pricing Version 8.0.1 Financial Services Funds Transfer Pricing Version 8.0.2 Financial Services Funds Transfer Pricing Version 8.0.3 Financial Services Funds Transfer Pricing Version 8.0.4 Financial Services Funds Transfer Pricing Version 8.0.5 Financial Services Asset Liability Management Version 6.0.0 Financial Services Asset Liability Management Version 6.1.0 Financial Services Asset Liability Management Version 6.1.1 Financial Services Asset Liability Management Version 8.0.1 Financial Services Asset Liability Management Version 8.0.2 Financial Services Asset Liability Management Version 8.0.3 Financial Services Asset Liability Management Version 8.0.4 Financial Services Asset Liability Management Version 8.0.5 Financial Services Analytical Applications Infrastructure Version 7.2 Financial Services Analytical Applications Infrastructure Version 7.3 Financial Services Analytical Applications Reconciliation Framework Version 3.5 Financial Services Analytical Applications Reconciliation Framework Version 3.5.1 Financial Services Analytical Applications Reconciliation Framework Version 8.0.0 to 8.0.4 Financial Services Pricing Management, Transfer Pricing Component Version 8.0.0 to 8.0.5 Financial Services Liquidity Risk Management Version 8.0.1 Financial Services Liquidity Risk Management Version 8.0.2 Financial Services Liquidity Risk Management Version 8.0.4 FLEXCUBE Private Banking Version 12.0 FLEXCUBE Private Banking Version 12.0.1 FLEXCUBE Private Banking Version 12.0.2 FLEXCUBE Private Banking Version 12.0.3 FLEXCUBE Private Banking Version 12.1 FLEXCUBE Private Banking Version 2.0 FLEXCUBE Private Banking Version 2.1 FLEXCUBE Private Banking Version 2.2 FLEXCUBE Private Banking Version 3.0 Financial Services Data Foundation Version 7.3.0 Financial Services Data Foundation Version 7.4.0 Financial Services Data Foundation Version 8.0.0 to 8.0.5 Financial Services Hedge Management and IFRS Valuations Version 6.1.1 Financial Services Hedge Management and IFRS Valuations Version 8.0.1 Financial Services Hedge Management and IFRS Valuations Version 8.0.2 Financial Services Hedge Management and IFRS Valuations Version 8.0.3 Financial Services Hedge Management and IFRS Valuations Version 8.0.4 Financial Services Hedge Management and IFRS Valuations Version 8.0.5 Financial Services Basel Regulatory Capital Internal Ratings Based Approach Version 8.0.0 to 8.0.4 Financial Services Loan Loss Forecasting and Provisioning Version 1.5.0 Financial Services Loan Loss Forecasting and Provisioning Version 1.5.1 Financial Services Loan Loss Forecasting and Provisioning Version 8.0.1 Financial Services Loan Loss Forecasting and Provisioning Version 8.0.2 Financial Services Loan Loss Forecasting and Provisioning Version 8.0.3 Financial Services Loan Loss Forecasting and Provisioning Version 8.0.4 Financial Services Loan Loss Forecasting and Provisioning Version 8.0.5 Financial Services ICAAP Analytics Version 8.0 Financial Services Basel Regulatory Capital Basic Version 8.0.0 to 8.0.4 Insurance Data Foundation Version 8.0.0 to 8.0.5 Financial Services Retail Customer Analytics Version 8.0.0 to 8.0.5 Financial Services Institutional Performance Analytics Version 8.0.0 to 8.0.5 Financial Services Retail Performance Analytics Version 8.0.0 to 8.0.5 Insurance Performance Insight for General Insurance Version 8.0 Financial Services Data Integration Hub Version 8.0.1 to 8.0.4 WebLogic Server Version 10.3.6.0 WebLogic Server Version 12.1.3.0 WebLogic Server Version 12.2.1.0 WebLogic Server Version 12.2.1.1 WebLogic Server Version 12.2.1.2 WebLogic Server Version 12.2.1.3 MySQL Enterprise Monitor Version 3.2.8.2223 and earlier MySQL Enterprise Monitor Version 3.3.4.3247 and earlier MySQL Enterprise Monitor Version 3.4.2.4181 and earlier XBRi Cloud Service Version 10.0.1 XBRi Cloud Service Version 10.5.0 XBRi Cloud Service Version 10.6.0 XBRi Cloud Service Version 10.7.0 XBRi Cloud Service Version 10.8.0 XBRi Cloud Service Version 10.8.1 Siebel Apps - E-Billing Version 6.1 Siebel Apps - E-Billing Version 6.2 Siebel Apps - E-Billing Version 7.1 Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: General (Struts 2)). Supported versions that are affected are 3.2.8.2223 and earlier, 3.3.4.3247 and earlier and 3.4.2.4181 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2017-9787 P-8480V-3.2.8.2223 and earlier P-8480V-3.3.4.3247 and earlier P-8480V-3.4.2.4181 and earlier 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-8480V-3.2.8.2223 and earlier P-8480V-3.3.4.3247 and earlier P-8480V-3.4.2.4181 and earlier Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Security (Struts 2)). Supported versions that are affected are 11.5 and 12.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-10900V-11.5 P-10900V-12.x 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-10900V-11.5 P-10900V-12.x Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). Supported versions that are affected are 2.0, 2.1, 2.2, 3.0, 12.0, 12.0.1, 12.0.2, 12.0.3 and 12.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-9110V-2.0 P-9110V-2.1 P-9110V-2.2 P-9110V-3.0 P-9110V-12.0 P-9110V-12.0.1 P-9110V-12.0.2 P-9110V-12.0.3 P-9110V-12.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-9110V-2.0 P-9110V-2.1 P-9110V-2.2 P-9110V-3.0 P-9110V-12.0 P-9110V-12.0.1 P-9110V-12.0.2 P-9110V-12.0.3 P-9110V-12.1 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). Supported versions that are affected are 7.2 and 7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-5680V-7.2 P-5680V-7.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-5680V-7.2 P-5680V-7.3 Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). Supported versions that are affected are 3.5, 3.5.1 and 8.0.0 to 8.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Reconciliation Framework. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Reconciliation Framework. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-5748V-3.5 P-5748V-3.5.1 P-5748V-8.0.0 to 8.0.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-5748V-3.5 P-5748V-3.5.1 P-5748V-8.0.0 to 8.0.4 Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). Supported versions that are affected are 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 and 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Asset Liability Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-5662V-6.0.0 P-5662V-6.1.0 P-5662V-6.1.1 P-5662V-8.0.1 P-5662V-8.0.2 P-5662V-8.0.3 P-5662V-8.0.4 P-5662V-8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-5662V-6.0.0 P-5662V-6.1.0 P-5662V-6.1.1 P-5662V-8.0.1 P-5662V-8.0.2 P-5662V-8.0.3 P-5662V-8.0.4 P-5662V-8.0.5 Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0.0 to 8.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Basic. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Basel Regulatory Capital Basic. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-9612V-8.0.0 to 8.0.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-9612V-8.0.0 to 8.0.4 Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0.0 to 8.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-9450V-8.0.0 to 8.0.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-9450V-8.0.0 to 8.0.4 Vulnerability in the Oracle Financial Services Data Foundation component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). Supported versions that are affected are 7.3.0, 7.4.0 and 8.0.0 to 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Data Foundation. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-9180V-7.3.0 P-9180V-7.4.0 P-9180V-8.0.0 to 8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-9180V-7.3.0 P-9180V-7.4.0 P-9180V-8.0.0 to 8.0.5 Vulnerability in the Oracle Financial Services Data Integration Hub component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0.1 to 8.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Integration Hub. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Data Integration Hub. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-11289V-8.0.1 to 8.0.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-11289V-8.0.1 to 8.0.4 Vulnerability in the Oracle Financial Services Enterprise Financial Performance Analytics component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0.0 to 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Financial Performance Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Enterprise Financial Performance Analytics. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-4279V-8.0.0 to 8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-4279V-8.0.0 to 8.0.5 Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). Supported versions that are affected are 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 and 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Funds Transfer Pricing. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-5659V-6.0.0 P-5659V-6.1.0 P-5659V-6.1.1 P-5659V-8.0.1 P-5659V-8.0.2 P-5659V-8.0.3 P-5659V-8.0.4 P-5659V-8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-5659V-6.0.0 P-5659V-6.1.0 P-5659V-6.1.1 P-5659V-8.0.1 P-5659V-8.0.2 P-5659V-8.0.3 P-5659V-8.0.4 P-5659V-8.0.5 Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). Supported versions that are affected are 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 and 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Hedge Management and IFRS Valuations. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Hedge Management and IFRS Valuations. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-9332V-6.1.1 P-9332V-8.0.1 P-9332V-8.0.2 P-9332V-8.0.3 P-9332V-8.0.4 P-9332V-8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-9332V-6.1.1 P-9332V-8.0.1 P-9332V-8.0.2 P-9332V-8.0.3 P-9332V-8.0.4 P-9332V-8.0.5 Vulnerability in the Oracle Financial Services ICAAP Analytics component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services ICAAP Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services ICAAP Analytics. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-9484V-8.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-9484V-8.0 Vulnerability in the Oracle Financial Services Institutional Performance Analytics component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0.0 to 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Institutional Performance Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Institutional Performance Analytics. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-10215V-8.0.0 to 8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-10215V-8.0.0 to 8.0.5 Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). Supported versions that are affected are 8.0.1, 8.0.2 and 8.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Liquidity Risk Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-9096V-8.0.1 P-9096V-8.0.2 P-9096V-8.0.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-9096V-8.0.1 P-9096V-8.0.2 P-9096V-8.0.4 Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). Supported versions that are affected are 1.5.0, 1.5.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 and 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Loan Loss Forecasting and Provisioning. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-9474V-1.5.0 P-9474V-1.5.1 P-9474V-8.0.1 P-9474V-8.0.2 P-9474V-8.0.3 P-9474V-8.0.4 P-9474V-8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-9474V-1.5.0 P-9474V-1.5.1 P-9474V-8.0.1 P-9474V-8.0.2 P-9474V-8.0.3 P-9474V-8.0.4 P-9474V-8.0.5 Vulnerability in the Oracle Financial Services Pricing Management, Transfer Pricing Component / Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0.0 to 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Pricing Management, Transfer Pricing Component / Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Pricing Management, Transfer Pricing Component / Oracle Financial Services Price Creation and Discovery. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-5749V-8.0.0 to 8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-5749V-8.0.0 to 8.0.5 Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). Supported versions that are affected are 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 and 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Profitability Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-5658V-6.0.0 P-5658V-6.1.0 P-5658V-6.1.1 P-5658V-8.0.1 P-5658V-8.0.2 P-5658V-8.0.3 P-5658V-8.0.4 P-5658V-8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-5658V-6.0.0 P-5658V-6.1.0 P-5658V-6.1.1 P-5658V-8.0.1 P-5658V-8.0.2 P-5658V-8.0.3 P-5658V-8.0.4 P-5658V-8.0.5 Vulnerability in the Oracle Financial Services Retail Customer Analytics component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0.0 to 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Retail Customer Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Retail Customer Analytics. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-10214V-8.0.0 to 8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-10214V-8.0.0 to 8.0.5 Vulnerability in the Oracle Financial Services Retail Performance Analytics component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0.0 to 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Retail Performance Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Retail Performance Analytics. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-10216V-8.0.0 to 8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-10216V-8.0.0 to 8.0.5 Vulnerability in the Oracle Insurance Data Foundation component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0.0 to 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Data Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Data Foundation. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-9755V-8.0.0 to 8.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-9755V-8.0.0 to 8.0.5 Vulnerability in the Oracle Insurance Performance Insight for General Insurance component of Oracle Financial Services Applications (subcomponent: Core (Struts 2)). The supported version that is affected is 8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Performance Insight for General Insurance. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Performance Insight for General Insurance. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-11257V-8.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-11257V-8.0 Vulnerability in the Siebel Apps - E-Billing component of Oracle Siebel CRM (subcomponent: Security (Struts 2)). Supported versions that are affected are 6.1, 6.2 and 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - E-Billing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - E-Billing. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-8969V-6.1 P-8969V-6.2 P-8969V-7.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-8969V-6.1 P-8969V-6.2 P-8969V-7.1 Vulnerability in the WebLogic Server component of Oracle Fusion Middleware (subcomponent: Samples (Struts 2)). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.0 P-5242V-12.2.1.1 P-5242V-12.2.1.2 P-5242V-12.2.1.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.0 P-5242V-12.2.1.1 P-5242V-12.2.1.2 P-5242V-12.2.1.3 Vulnerability in the Oracle Retail XBRi Loss Prevention component of Oracle Retail Applications (subcomponent: Internal Operations (Struts 2)). Supported versions that are affected are 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0 and 10.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail XBRi Loss Prevention. Successful attacks of this vulnerability can result in takeover of Oracle Retail XBRi Loss Prevention. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-9805 P-11506V-10.0.1 P-11506V-10.5.0 P-11506V-10.6.0 P-11506V-10.7.0 P-11506V-10.8.0 P-11506V-10.8.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-9805 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/alert-cve-2017-9805.html P-11506V-10.0.1 P-11506V-10.5.0 P-11506V-10.6.0 P-11506V-10.7.0 P-11506V-10.8.0 P-11506V-10.8.1