Oracle Critical Patch Update Advisory - January 2019 - Oracle CVRF Oracle Critical Patch Update Advisory CPUJan2019 Final 6 6 2019-04-18T13:00:00-07:00 Updated CVSS score for CVE-2019-2546. 2019-01-15T13:00:00-07:00 2019-04-18T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/5228984.xml https://www.oracle.com/security-alerts/cpujan2019.html URL to html version of Advisory Abu Abu Amardeep Chana MWR InfoSecurity An Example working with Trend Micro Zero Day Initiative Andrej Simko Accenture Andrej Simko of Accenture working with iDefense Labs Andres Georgieff Sandia National Laboratories Anonymous researcher working with Trend Micro's Zero Day Initiative Arun Mishra Arun Mishra Behzad Najjarpour Jabbari, Secunia Research at Flexera Software Ben Murray Ben Murray Bui Thanh Aalto University Daniel Kalinowski LLama's Bytes Deapesh Misra of iDefense, Accenture E. Anonymous working with Trend Micro Zero Day Initiative Eddie Zhu Beijing DBSEC Technology Co., Ltd Ex Allocate Pool With Tag working with Trend Micro Zero Day Initiative Exhibit A working with Trend Micro Zero Day Initiative Zhouyuan Yang of Fortinet's FortiGuard Labs George R Advanced Information Security Corporation Guillaume Teissier Orange CERT-CC Huy Ngo (Viettel Cyber Security) working with Trend Micro's Zero Day Initiative Huy Ngo of Viettel Cyber Security Ionel Cristinel Anichitei Bit Defender Jarrod Farncomb of TSS Jason Matthyser of MWR Labs working with Trend Micro Zero Day Initiative Jayson Grace Sandia National Laboratories Jonathan Jacobi Jonathan Jacobi Kamlapati Choubey Trend Micro's Zero Day Initiative Karl Henselin Karl Henselin Kasper Leigh Haabb, Secunia Research at Flexera Krzysztof Wrobel Krzysztof Wrobel Anonymous Researcher Lukasz Mikula LUKASZ MIKULA Lukasz Rupala of ING Tech Poland Maciej Grabiec Maksymilian Arciemowicz Marcin Wołoszyn ING Services Polska Marios Gyftos Marios Gyftos Mark Haase Mark Haase Markus Pieton Code White Martin Balao Red Hat Martin Doyhenard Onapsis Michael Weissbacher Northeastern University Michal Bazyli Michal Bazyli Mohamed M. Fouad SecureMisr Mohamed Sayed SecureMisr Mohamed Yusuf SecureMisr Mohit Kumar Mohit Kumar Nicolas Santiago Miguez Deloitte Risk Advisory Pty Ltd Niklas Baumstark working with Trend Micro's Zero Day Initiative Niraj Gautam Light Pay Coin Osman Ahmed Hassan Philippe Arteau GoSecure Piotr Madej ING Tech Poland Quang Nguyen of Viettel Cyber Security Rajesh Tv Rajesh Tv Ranjeet Jaiswal Reno Robert Reno Robert Root Object working with Trend Micro's Zero Day Initiative Saif ElSherei of Microsoft Corp Sarapremashish Butola Sarapremashish Butola Seth Duda Seth Duda Shoeb Patel (CaptainFreak) Abhishek Misal Srinivas M Srinivas M Stamatis Kapiris Stamatis Kapiris Steven Seeley of Source Incite working with iDefense Zhiyi Zhang of 360 ESG Codesafe Team Zhiyi Zhang of 360 ESG Codesafe Team cPanel Security Team cPanel Security Team YongTao Wang & Sai Cheng of Qihoo360 PegasusTeam nullx0c0de nullx0c0de rack911labs.com rack911labs.com rgod of 9sg Security Team working with Trend Micro's Zero Day Initiative Communications Billing and Revenue Management Version 12.0 Communications Billing and Revenue Management Version 7.5 Communications Services Gatekeeper Version prior to 6.1.0.4.0 Communications Converged Application Server Version prior to 7.0.0.1 Communications Service Broker Version 6.0 OSS Reference Implementation Version prior to 7.4.0 Communications Converged Application Server - Service Controller Version 6.1 Communications Online Mediation Controller Version 6.1 Communications Session Border Controller Version SCz7.4.0 Communications Session Border Controller Version SCz7.4.1 Communications Session Border Controller Version SCz8.0.0 Communications Session Border Controller Version SCz8.1.0 Communications Unified Session Manager Version SCz7.3.5 Enterprise Session Border Controller Version ECz7.4.0 Enterprise Session Border Controller Version ECz7.5.0 Enterprise Session Border Controller Version ECz8.0.0 Enterprise Session Border Controller Version ECz8.1.0 Enterprise Communications Broker Version PCz2.1 Enterprise Communications Broker Version PCz2.2 Enterprise Communications Broker Version PCz3.0 Communications WebRTC Session Controller Version prior to 7.2 Communications Diameter Signaling Router (DSR) Version prior to 8.3 Communications Policy Management Version prior to 12.5 Communications Performance Intelligence Center (PIC) Software Version prior to 10.2.1 Primavera P6 Enterprise Project Portfolio Management Version 15.1 Primavera P6 Enterprise Project Portfolio Management Version 15.2 Primavera P6 Enterprise Project Portfolio Management Version 16.1 Primavera P6 Enterprise Project Portfolio Management Version 16.2 Primavera P6 Enterprise Project Portfolio Management Version 17.7-17.12 Primavera P6 Enterprise Project Portfolio Management Version 18.8 Primavera P6 Enterprise Project Portfolio Management Version 8.4 Primavera P6 Professional Project Management Version 15.1 Primavera P6 Professional Project Management Version 15.2 Primavera P6 Professional Project Management Version 16.1 Primavera P6 Professional Project Management Version 16.2 Primavera P6 Professional Project Management Version 17.7-17.12 Primavera P6 Professional Project Management Version 18.8 Primavera P6 Professional Project Management Version 8.4 Primavera Unifier Version 16.1 Primavera Unifier Version 16.2 Primavera Unifier Version 17.1-17.12 Primavera Unifier Version 18.8 Oracle Database Version 11.2.0.4 Oracle Database Version 12.1.0.2 Oracle Database Version 12.2.0.1 Oracle Database Version 18c Applications Manager Version 12.1.1 Applications Manager Version 12.1.2 Applications Manager Version 12.1.3 Applications Manager Version 12.2.3 Applications Manager Version 12.2.4 Applications Manager Version 12.2.5 Applications Manager Version 12.2.6 Applications Manager Version 12.2.7 Applications Manager Version 12.2.8 Marketing Version 12.1.1 Marketing Version 12.1.2 Marketing Version 12.1.3 Marketing Version 12.2.3 Marketing Version 12.2.4 Marketing Version 12.2.5 Marketing Version 12.2.6 Marketing Version 12.2.7 Marketing Version 12.2.8 iStore Version 12.1.1 iStore Version 12.1.2 iStore Version 12.1.3 iStore Version 12.2.3 iStore Version 12.2.4 iStore Version 12.2.5 iStore Version 12.2.6 iStore Version 12.2.7 iStore Version 12.2.8 Mobile Field Service Version 12.1.1 Mobile Field Service Version 12.1.2 Mobile Field Service Version 12.1.3 Mobile Field Service Version 12.2.3 Mobile Field Service Version 12.2.4 Mobile Field Service Version 12.2.5 Mobile Field Service Version 12.2.6 Mobile Field Service Version 12.2.7 Mobile Field Service Version 12.2.8 Email Center Version 12.1.1 Email Center Version 12.1.2 Email Center Version 12.1.3 Email Center Version 12.2.3 Email Center Version 12.2.4 Email Center Version 12.2.5 Email Center Version 12.2.6 Email Center Version 12.2.7 Email Center Version 12.2.8 Partner Management Version 12.1.1 Partner Management Version 12.1.2 Partner Management Version 12.1.3 Partner Management Version 12.2.3 Partner Management Version 12.2.4 Partner Management Version 12.2.5 Partner Management Version 12.2.6 Partner Management Version 12.2.7 Partner Management Version 12.2.8 Content Manager Version 12.1.1 Content Manager Version 12.1.2 Content Manager Version 12.1.3 Content Manager Version 12.2.3 Content Manager Version 12.2.4 Content Manager Version 12.2.5 Content Manager Version 12.2.6 Content Manager Version 12.2.7 Content Manager Version 12.2.8 CRM Technical Foundation Version 12.1.3 CRM Technical Foundation Version 12.2.3 CRM Technical Foundation Version 12.2.4 CRM Technical Foundation Version 12.2.5 CRM Technical Foundation Version 12.2.6 CRM Technical Foundation Version 12.2.7 CRM Technical Foundation Version 12.2.8 One-to-One Fulfillment Version 12.1.3 One-to-One Fulfillment Version 12.2.3 One-to-One Fulfillment Version 12.2.4 One-to-One Fulfillment Version 12.2.5 One-to-One Fulfillment Version 12.2.6 One-to-One Fulfillment Version 12.2.7 One-to-One Fulfillment Version 12.2.8 Performance Management Version 12.1.1 Performance Management Version 12.1.2 Performance Management Version 12.1.3 Enterprise Manager Base Platform Version 12.1.0.5 Enterprise Manager Base Platform Version 13.2 Enterprise Manager Base Platform Version 13.2.0 Enterprise Manager Base Platform Version 13.3 Enterprise Manager Base Platform Version 13.3.0 Application Testing Suite Version 12.5.0.3 Application Testing Suite Version 13.1.0.1 Application Testing Suite Version 13.2.0.1 Application Testing Suite Version 13.3.0.1 Enterprise Manager for Virtualization Version 13.2.2 Enterprise Manager for Virtualization Version 13.2.3 Enterprise Manager for Virtualization Version 13.3.1 Enterprise Manager Ops Center Version 12.2.2 Enterprise Manager Ops Center Version 12.3.3 Financial Services Analytical Applications Infrastructure Version 7.3.3 Financial Services Analytical Applications Infrastructure Version 7.3.5 Financial Services Analytical Applications Infrastructure Version 8.0.1 Financial Services Analytical Applications Infrastructure Version 8.0.2 Financial Services Analytical Applications Infrastructure Version 8.0.3 Financial Services Analytical Applications Infrastructure Version 8.0.4 Financial Services Analytical Applications Infrastructure Version 8.0.5 Financial Services Analytical Applications Infrastructure Version 8.0.6 Financial Services Analytical Applications Infrastructure Version 8.0.7 FLEXCUBE Investor Servicing Version 12.0.4 FLEXCUBE Investor Servicing Version 12.1.0 FLEXCUBE Investor Servicing Version 12.3.0 FLEXCUBE Investor Servicing Version 12.4.0 FLEXCUBE Investor Servicing Version 14.0.0 FLEXCUBE Direct Banking Version 12.0.2 Banking Platform Version 2.5.0 Banking Platform Version 2.6.0 Banking Platform Version 2.6.1 Banking Platform Version 2.6.2 Hospitality Simphony Version 2.10 Hospitality Reporting and Analytics Version 9.1.0 Reports Developer Version 12.2.1.3 HTTP Server Version 12.2.1.3 Web Cache Version 11.1.1.9.0 SOA Suite Version 12.1.3.0.0 SOA Suite Version 12.2.1.3.0 Fusion Middleware MapViewer Version 12.2.1.3.0 WebCenter Portal Version 11.1.1.9.0 WebCenter Portal Version 12.2.1.3.0 Outside In Technology Version 8.5.3 Outside In Technology Version 8.5.4 WebLogic Server Version 10.3.6.0 WebLogic Server Version 12.1.3.0 WebLogic Server Version 12.2.1.3 Business Process Management Suite Version 11.1.1.9.0 Business Process Management Suite Version 12.1.3.0.0 Business Process Management Suite Version 12.2.1.3.0 Enterprise Repository Version 12.1.3.0.0 Service Architecture Leveraging Tuxedo (SALT) Version 12.1.3.0.0 Service Architecture Leveraging Tuxedo (SALT) Version 12.2.2.0.0 GoldenGate Application Adapters Version 12.3.2.1.1 API Gateway Version 11.1.2.4.0 WebCenter Sites Version 11.1.1.8.0 Managed File Transfer Version 12.2.1.3.0 Managed File Transfer Version 19.1.0.0.0 Endeca Server Version 7.7.0 Argus Safety Version 8.1 Argus Safety Version 8.2 Healthcare Master Person Index Version 3.0 Healthcare Master Person Index Version 4.0 Health Sciences Information Manager Version 3.0 Healthcare Foundation Version 7.1 Healthcare Foundation Version 7.2 Hospitality Cruise Shipboard Property Management System Version 8.0.8 Hospitality Cruise Fleet Management Version 9.0.10 Hyperion BI+ Version 11.1.2.4 Insurance Policy Administration J2EE Version 10.0 Insurance Policy Administration J2EE Version 10.2 Insurance Rules Palette Version 10.0 Insurance Rules Palette Version 10.2 Insurance Insbridge Rating and Underwriting Version 5.2 Insurance Insbridge Rating and Underwriting Version 5.4 Insurance Insbridge Rating and Underwriting Version 5.5 Insurance Calculation Engine Version 10.2 JD Edwards EnterpriseOne Tools Version 9.2 JD Edwards World Security Version A9.3 JD Edwards World Security Version A9.3.1 JD Edwards World Security Version A9.4 Java Version 11.0.1; Java SE Embedded: 8u191 Java Version 8u192 Java Version Java Advanced Management Console: 2.12 Java Version Java SE: 7u201 Java Version Java SE: 8u192 MySQL Workbench Version 8.0.13 and prior MySQL Server Version 5.6.42 and prior MySQL Server Version 5.7.24 and prior MySQL Server Version 8.0.13 and prior MySQL Enterprise Monitor Version 4.0.7 and prior MySQL Enterprise Monitor Version 8.0.13 and prior MySQL Connectors Version 2.1.8 and prior MySQL Connectors Version 8.0.13 and prior PeopleSoft Enterprise HCM eProfile Manager Desktop Version 9.2 PeopleSoft Enterprise PT PeopleTools Version 8.55 PeopleSoft Enterprise PT PeopleTools Version 8.56 PeopleSoft Enterprise PT PeopleTools Version 8.57 PeopleSoft Enterprise SCM eProcurement Version 9.2 PeopleSoft Enterprise CS Campus Community Version 9.0 PeopleSoft Enterprise CS Campus Community Version 9.2 PeopleSoft Enterprise CC Common Application Objects Version 9.2 Retail Integration Bus Version 17.0 Retail Merchandising System Version 14.1 Retail Sales Audit Version 15.0 Retail Back Office Version 13.3 Retail Back Office Version 13.4 Retail Back Office Version 14.0 Retail Back Office Version 14.1 Retail Central Office Version 13.3 Retail Central Office Version 13.4 Retail Central Office Version 14.0 Retail Central Office Version 14.1 Retail Returns Management Version 13.3 Retail Returns Management Version 13.4 Retail Returns Management Version 14.0 Retail Returns Management Version 14.1 Retail Customer Insights Version 15.0 Retail Customer Insights Version 16.0 Retail Service Backbone Version 13.1 Retail Service Backbone Version 13.2 Retail Service Backbone Version 14.0 Retail Service Backbone Version 14.1 Retail Service Backbone Version 15.0 Retail Service Backbone Version 16.0 Retail Workforce Management Software Version 1.60.9 Retail Workforce Management Software Version 1.64.0 Retail Convenience and Fuel POS Software Version 2.8.1 MICROS Xstore Payment Version 3.3 Siebel UI Framework Version 18.10 Siebel UI Framework Version 18.11 Solaris Operating System Version 10 Solaris Operating System Version 11 Sun ZFS Storage Appliance Kit (AK) Software Version prior to 8.8.2 Tape Library ACSLS Version 8.4 Transportation Management Version 6.3.7 Transportation Management Version 6.4.1 Transportation Management Version 6.4.2 Transportation Management Version 6.4.3 Agile Product Portfolio Management Version 9.3.3 Agile Product Portfolio Management Version 9.3.4 Agile Product Portfolio Management Version 9.3.5 Agile Product Portfolio Management Version 9.3.6 Agile Engineering Data Management Version 6.1.3 Agile Engineering Data Management Version 6.2.0 Agile Engineering Data Management Version 6.2.1 Agile Product Supplier Collaboration for Process Version 6.2.0.0 Agile Product Supplier Collaboration for Process Version 6.2.1.0 Agile Product Supplier Collaboration for Process Version 6.2.2.0 Agile Product Supplier Collaboration for Process Version 6.2.3.0 Agile Product Supplier Collaboration for Process Version 6.2.3.1 Agile PLM Framework Version 9.3.4 Agile PLM Framework Version 9.3.5 OSS Support Tools Version prior to 19.1 Utilities Network Management System Version 1.12.0.3 Utilities Network Management System Version 2.3.0.0 Utilities Network Management System Version 2.3.0.1 Utilities Network Management System Version 2.3.0.2 Utilities Framework Version 4.3.0.1-4.3.0.4 VM VirtualBox Version prior to 5.2.22 VM VirtualBox Version prior to 5.2.24 VM VirtualBox Version prior to 5.2.26 VM VirtualBox Version prior to 6.0.0 VM VirtualBox Version prior to 6.0.2 VM VirtualBox Version prior to 6.0.4 Secure Global Desktop Version 5.4 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Third Party Tools (Apache Derby)). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). Fix has been released CVE-2015-1832 P-5242V-12.2.1.3 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5242V-12.2.1.3 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Gantt Chart (JViews)). Supported versions that are affected are 9.3.3, 9.3.4, 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2015-8965 P-4433V-9.3.3 P-4433V-9.3.4 P-4433V-9.3.5 P-4433V-9.3.6 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4433V-9.3.3 P-4433V-9.3.4 P-4433V-9.3.5 P-4433V-9.3.6 Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Supplier Portal (jQuery)). Supported versions that are affected are 6.2.0.0, 6.2.1.0, 6.2.2.0, 6.2.3.0 and 6.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile Product Lifecycle Management for Process, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-4447V-6.2.0.0 P-4447V-6.2.1.0 P-4447V-6.2.2.0 P-4447V-6.2.3.0 P-4447V-6.2.3.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4447V-6.2.0.0 P-4447V-6.2.1.0 P-4447V-6.2.2.0 P-4447V-6.2.3.0 P-4447V-6.2.3.1 Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Runtime Engine (JQuery)). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Process Management Suite, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-5325V-11.1.1.9.0 P-5325V-12.1.3.0.0 P-5325V-12.2.1.3.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5325V-11.1.1.9.0 P-5325V-12.1.3.0.0 P-5325V-12.2.1.3.0 Vulnerability in the Oracle Communications Converged Application Server component of Oracle Communications Applications (subcomponent: Security (JQuery)). The supported version that is affected is prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Application Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Converged Application Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Converged Application Server accessible data as well as unauthorized read access to a subset of Oracle Communications Converged Application Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-5382V-prior to 7.0.0.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5382V-prior to 7.0.0.1 Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (jQuery)). The supported version that is affected is prior to 7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications WebRTC Session Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications WebRTC Session Controller accessible data as well as unauthorized read access to a subset of Oracle Communications WebRTC Session Controller accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-10811V-prior to 7.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10811V-prior to 7.2 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking (jQuery)). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Ops Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data as well as unauthorized read access to a subset of Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-9835V-12.2.2 P-9835V-12.3.3 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9835V-12.2.2 P-9835V-12.3.3 Vulnerability in the Oracle Healthcare Foundation component of Oracle Health Sciences Applications (subcomponent: Install (jQuery)). Supported versions that are affected are 7.1 and 7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Healthcare Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Healthcare Foundation accessible data as well as unauthorized read access to a subset of Oracle Healthcare Foundation accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-12950V-7.1 P-12950V-7.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-12950V-7.1 P-12950V-7.2 Vulnerability in the Oracle Insurance Insbridge Rating and Underwriting component of Oracle Insurance Applications (subcomponent: Framework (jQuery)). Supported versions that are affected are 5.2, 5.4 and 5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Insbridge Rating and Underwriting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Insbridge Rating and Underwriting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Insbridge Rating and Underwriting accessible data as well as unauthorized read access to a subset of Oracle Insurance Insbridge Rating and Underwriting accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-5484V-5.2 P-5484V-5.4 P-5484V-5.5 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5484V-5.2 P-5484V-5.4 P-5484V-5.5 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform (jQuery)). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle Retail Customer Insights component of Oracle Retail Applications (subcomponent: Other (jQuery)). Supported versions that are affected are 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Insights. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Insights, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Insights accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Insights accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-10263V-15.0 P-10263V-16.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10263V-15.0 P-10263V-16.0 Vulnerability in the Oracle Retail Sales Audit component of Oracle Retail Applications (subcomponent: Operational Insights (jQuery)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Sales Audit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Sales Audit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Sales Audit accessible data as well as unauthorized read access to a subset of Oracle Retail Sales Audit accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-1834V-15.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1834V-15.0 Vulnerability in the Oracle Retail Workforce Management Software component of Oracle Retail Applications (subcomponent: Framework (jQuery)). Supported versions that are affected are 1.60.9 and 1.64.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Workforce Management Software. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Workforce Management Software, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Workforce Management Software accessible data as well as unauthorized read access to a subset of Oracle Retail Workforce Management Software accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-11514V-1.60.9 P-11514V-1.64.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11514V-1.60.9 P-11514V-1.64.0 Vulnerability in the Oracle Utilities Framework component of Oracle Utilities Applications (subcomponent: User Interface (jQuery)). Supported versions that are affected are 4.3.0.1-4.3.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Utilities Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Framework accessible data as well as unauthorized read access to a subset of Oracle Utilities Framework accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-2245V-4.3.0.1-4.3.0.4 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2245V-4.3.0.1-4.3.0.4 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Sample apps (jQuery)). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2015-9251 P-5242V-12.1.3.0 P-5242V-12.2.1.3 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5242V-12.1.3.0 P-5242V-12.2.1.3 Vulnerability in the Oracle Communications Converged Application Server component of Oracle Communications Applications (subcomponent: Security (Spring Framework)). The supported version that is affected is prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Converged Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0635 P-5382V-prior to 7.0.0.1 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5382V-prior to 7.0.0.1 Vulnerability in the Tape Library ACSLS component of Oracle Sun Systems Products Suite (subcomponent: Software (Spring Framework)). The supported version that is affected is 8.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Tape Library ACSLS. Successful attacks of this vulnerability can result in takeover of Tape Library ACSLS. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-0635 P-10088V-8.4 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10088V-8.4 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security (Apache Commons Fileupload)). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1000031 P-10899V-prior to 8.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10899V-prior to 8.3 Vulnerability in the Oracle Communications Services Gatekeeper component of Oracle Communications Applications (subcomponent: Security (Apache Commons Collections Fileupload)). The supported version that is affected is prior to 6.1.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in takeover of Oracle Communications Services Gatekeeper. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1000031 P-5381V-prior to 6.1.0.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5381V-prior to 6.1.0.4.0 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Infrastructure (Apache Commons FileUpload)). Supported versions that are affected are 7.3.3, 7.3.5, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6 and 8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1000031 P-5680V-7.3.3 P-5680V-7.3.5 P-5680V-8.0.1 P-5680V-8.0.2 P-5680V-8.0.3 P-5680V-8.0.4 P-5680V-8.0.5 P-5680V-8.0.6 P-5680V-8.0.7 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5680V-7.3.3 P-5680V-7.3.5 P-5680V-8.0.1 P-5680V-8.0.2 P-5680V-8.0.3 P-5680V-8.0.4 P-5680V-8.0.5 P-5680V-8.0.6 P-5680V-8.0.7 Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Install (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in takeover of Oracle Fusion Middleware MapViewer. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1000031 P-1215V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1215V-12.2.1.3.0 Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security (Apache Commons FileUpload)). Supported versions that are affected are 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks of this vulnerability can result in takeover of Oracle Retail Back Office. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1000031 P-2013V-13.3 P-2013V-13.4 P-2013V-14.0 P-2013V-14.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2013V-13.3 P-2013V-13.4 P-2013V-14.0 P-2013V-14.1 Vulnerability in the Oracle Retail Service Backbone component of Oracle Retail Applications (subcomponent: Install (Apache Commons FileUpload)). Supported versions that are affected are 13.1, 13.2, 14.0,14.1, 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Backbone. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1000031 P-10867V-13.1 P-10867V-13.2 P-10867V-14.0 P-10867V-14.1 P-10867V-15.0 P-10867V-16.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10867V-13.1 P-10867V-13.2 P-10867V-14.0 P-10867V-14.1 P-10867V-15.0 P-10867V-16.0 Vulnerability in the Oracle Communications Converged Application Server component of Oracle Communications Applications (subcomponent: Security (Apache Struts 1)). The supported version that is affected is prior to 7.0.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1181 P-5382V-prior to 7.0.0.1 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5382V-prior to 7.0.0.1 Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Apache Struts 1)). The supported version that is affected is prior to 7.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications WebRTC Session Controller. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-1181 P-10811V-prior to 7.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10811V-prior to 7.2 Vulnerability in the Oracle Banking Platform component of Oracle Financial Services Applications (subcomponent: Patching (Jython)). Supported versions that are affected are 2.6.0, 2.6.1 and 2.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in takeover of Oracle Banking Platform. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-4000 P-9178V-2.6.0 P-9178V-2.6.1 P-9178V-2.6.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9178V-2.6.0 P-9178V-2.6.1 P-9178V-2.6.2 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Agent Next Gen (Jython)). Supported versions that are affected are 12.1.0.5, 13.2.0 and 13.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-4000 P-1370V-12.1.0.5 P-1370V-13.2.0 P-1370V-13.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1370V-12.1.0.5 P-1370V-13.2.0 P-1370V-13.3.0 Vulnerability in the Oracle Utilities Network Management System component of Oracle Utilities Applications (subcomponent: System wide (Jython)). Supported versions that are affected are 1.12.0.3, 2.3.0.0, 2.3.0.1 and 2.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Network Management System. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-4000 P-2241V-1.12.0.3 P-2241V-2.3.0.0 P-2241V-2.3.0.1 P-2241V-2.3.0.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2241V-1.12.0.3 P-2241V-2.3.0.0 P-2241V-2.3.0.1 P-2241V-2.3.0.2 Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Corporate Access Module (Freeimage)). The supported version that is affected is 9.0.10. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management executes to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Fleet Management. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-5684 P-11608V-9.0.10 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11608V-9.0.10 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Shared Libraries (Freeimage)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2016-5684 P-11607V-8.0.8 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11607V-8.0.8 Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Security (Apache Groovy)). The supported version that is affected is prior to 7.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Inventory Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2016-6814 P-9785V-prior to 7.4.0 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9785V-prior to 7.4.0 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters (Jasper Project)). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2016-9389 P-2276V-8.5.3 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters (Jasper Project)). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2016-9392 P-2276V-8.5.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters (Jasper Project)). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2016-9583 P-2276V-8.5.3 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (libgcrypt)). The supported version that is affected is prior to 7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications WebRTC Session Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications WebRTC Session Controller accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2017-0379 P-10811V-prior to 7.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10811V-prior to 7.2 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters (Jasper Project)). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2017-13745 P-2276V-8.5.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters (Jasper Project)). The supported version that is affected is 8.5.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). Fix has been released CVE-2017-14229 P-2276V-8.5.3 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security (AntiSamy)). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2017-14735 P-4461V-9.3.4 P-4461V-9.3.5 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4461V-9.3.4 P-4461V-9.3.5 Vulnerability in the Oracle Banking Platform component of Oracle Financial Services Applications (subcomponent: Infrastructure (AntiSamy)). Supported versions that are affected are 2.5.0, 2.6.0 and 2.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Platform accessible data as well as unauthorized read access to a subset of Oracle Banking Platform accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2017-14735 P-9178V-2.5.0 P-9178V-2.6.0 P-9178V-2.6.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9178V-2.5.0 P-9178V-2.6.0 P-9178V-2.6.1 Vulnerability in the Oracle Insurance Policy Administration J2EE component of Oracle Insurance Applications (subcomponent: Core (AntiSamy)). Supported versions that are affected are 10.0 and 10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Policy Administration J2EE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration J2EE accessible data as well as unauthorized read access to a subset of Oracle Insurance Policy Administration J2EE accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2017-14735 P-5279V-10.0 P-5279V-10.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5279V-10.0 P-5279V-10.2 Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security (AntiSamy)). Supported versions that are affected are 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Back Office, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Back Office accessible data as well as unauthorized read access to a subset of Oracle Retail Back Office accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2017-14735 P-2013V-13.3 P-2013V-13.4 P-2013V-14.0 P-2013V-14.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2013V-13.3 P-2013V-13.4 P-2013V-14.0 P-2013V-14.1 Vulnerability in the Oracle Retail Central Office component of Oracle Retail Applications (subcomponent: Security (AntiSamy)). Supported versions that are affected are 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Central Office, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Central Office accessible data as well as unauthorized read access to a subset of Oracle Retail Central Office accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2017-14735 P-2016V-13.3 P-2016V-13.4 P-2016V-14.0 P-2016V-14.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2016V-13.3 P-2016V-13.4 P-2016V-14.0 P-2016V-14.1 Vulnerability in the Oracle Retail Returns Management component of Oracle Retail Applications (subcomponent: Security (AntiSamy)). Supported versions that are affected are 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Returns Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Returns Management accessible data as well as unauthorized read access to a subset of Oracle Retail Returns Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2017-14735 P-2020V-13.3 P-2020V-13.4 P-2020V-14.0 P-2020V-14.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2020V-13.3 P-2020V-13.4 P-2020V-14.0 P-2020V-14.1 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Third Party Tools (AntiSamy)). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2017-14735 P-9617V-11.1.1.8.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9617V-11.1.1.8.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security (jackson-databind)). The supported version that is affected is prior to 8.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-15095 P-10899V-prior to 8.3 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10899V-prior to 8.3 Vulnerability in the Oracle Communications Converged Application Server - Service Controller component of Oracle Communications Applications (subcomponent: Security (Apache Log4j)). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Application Server - Service Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server - Service Controller. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-10593V-6.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10593V-6.1 Vulnerability in the Oracle Communications Online Mediation Controller component of Oracle Communications Applications (subcomponent: Security (Apache Log4j)). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Online Mediation Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Online Mediation Controller. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-10594V-6.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10594V-6.1 Vulnerability in the Oracle Communications Service Broker component of Oracle Communications Applications (subcomponent: Security (Apache Log4j)). The supported version that is affected is 6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Broker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Service Broker. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-8565V-6.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8565V-6.0 Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Apache Log4j)). The supported version that is affected is prior to 7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications WebRTC Session Controller. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-10811V-prior to 7.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10811V-prior to 7.2 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure (Apache Log4j)). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0, 12.4.0 and 14.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 Vulnerability in the Oracle GoldenGate Application Adapters component of Oracle Fusion Middleware (subcomponent: Application Adapters (Apache Log4j)). The supported version that is affected is 12.3.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Application Adapters. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate Application Adapters. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-5760V-12.3.2.1.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5760V-12.3.2.1.1 Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Installation & Templates (Apache Log4j)). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in takeover of Oracle SOA Suite. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-1162V-12.1.3.0.0 P-1162V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1162V-12.1.3.0.0 P-1162V-12.2.1.3.0 Vulnerability in the Tape Library ACSLS component of Oracle Sun Systems Products Suite (subcomponent: Software (Apache Log4j)). The supported version that is affected is 8.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Tape Library ACSLS. Successful attacks of this vulnerability can result in takeover of Tape Library ACSLS. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-5645 P-10088V-8.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10088V-8.4 Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security (Jetty)). The supported version that is affected is 3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Payment. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2017-7658 P-11562V-3.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11562V-3.3 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security (Apache HTTP Server)). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2017-9798 P-10899V-prior to 8.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10899V-prior to 8.3 Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway (OpenSSL)). The supported version that is affected is 11.1.2.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle API Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle API Gateway. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0732 P-9195V-11.1.2.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9195V-11.1.2.4.0 Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Install (OpenSSL)). Supported versions that are affected are 6.1.3, 6.2.0 and 6.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile Engineering Data Management. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0732 P-4436V-6.1.3 P-4436V-6.2.0 P-4436V-6.2.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4436V-6.1.3 P-4436V-6.2.0 P-4436V-6.2.1 Vulnerability in the Oracle Communications Session Border Controller component of Oracle Communications Applications (subcomponent: Security (OpenSSL)). Supported versions that are affected are SCz7.4.0, SCz7.4.1, SCz8.0.0 and SCz8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Session Border Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Session Border Controller. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-0732 P-10750V-SCz7.4.0 P-10750V-SCz7.4.1 P-10750V-SCz8.0.0 P-10750V-SCz8.1.0 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10750V-SCz7.4.0 P-10750V-SCz7.4.1 P-10750V-SCz8.0.0 P-10750V-SCz8.1.0 Vulnerability in the Oracle Communications Unified Session Manager component of Oracle Communications Applications (subcomponent: Security (OpenSSL)). The supported version that is affected is SCz7.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Unified Session Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Session Manager. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-0732 P-10753V-SCz7.3.5 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10753V-SCz7.3.5 Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (OpenSSL)). The supported version that is affected is prior to 7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications WebRTC Session Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications WebRTC Session Controller. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-0732 P-10811V-prior to 7.2 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10811V-prior to 7.2 Vulnerability in the Oracle Endeca Server component of Oracle Fusion Middleware (subcomponent: Third Party (OpenSSL)). The supported version that is affected is 7.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Endeca Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Endeca Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0732 P-10217V-7.7.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10217V-7.7.0 Vulnerability in the Oracle Enterprise Communications Broker component of Oracle Communications Applications (subcomponent: Security (OpenSSL)). Supported versions that are affected are PCz2.1, PCz2.2 and PCz3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-0732 P-10758V-PCz2.1 P-10758V-PCz2.2 P-10758V-PCz3.0 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10758V-PCz2.1 P-10758V-PCz2.2 P-10758V-PCz3.0 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Discovery Framework (OpenSSL)). Supported versions that are affected are 12.1.0.5, 13.2.0 and 13.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0732 P-1370V-12.1.0.5 P-1370V-13.2.0 P-1370V-13.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1370V-12.1.0.5 P-1370V-13.2.0 P-1370V-13.3.0 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking (OpenSSL)). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0732 P-9835V-12.2.2 P-9835V-12.3.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9835V-12.2.2 P-9835V-12.3.3 Vulnerability in the Oracle Enterprise Session Border Controller component of Oracle Communications Applications (subcomponent: Security (OpenSSL)). Supported versions that are affected are ECz7.4.0, ECz7.5.0, ECz8.0.0 and ECz8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Session Border Controller. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-0732 P-10757V-ECz7.4.0 P-10757V-ECz7.5.0 P-10757V-ECz8.0.0 P-10757V-ECz8.1.0 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10757V-ECz7.4.0 P-10757V-ECz7.5.0 P-10757V-ECz8.0.0 P-10757V-ECz8.1.0 Vulnerability in the JD Edwards World Security component of Oracle JD Edwards Products (subcomponent: Security (OpenSSL)). Supported versions that are affected are A9.3, A9.3.1 and A9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise JD Edwards World Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards World Security. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0732 P-4839V-A9.3 P-4839V-A9.3.1 P-4839V-A9.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4839V-A9.3 P-4839V-A9.3.1 P-4839V-A9.4 Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.13 and prior and 4.0.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Enterprise Monitor executes to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in NOT IMPLEMENTED. Note: MySQL Enterprise Monitor is not vulnerable to this CVE because it does not use the TLS functionality included in OpenSSL. The CVSS v3.0 Base Score for this CVE in the National Vulnerability Database (NVD) is 7.5. CVSS 3.0 Base Score 0.0 (). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). Fix has been released CVE-2018-0732 P-8480V-8.0.13 and prior P-8480V-4.0.7 and prior 0.0 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8480V-8.0.13 and prior P-8480V-4.0.7 and prior Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0732 P-4627V-8.0.13 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4627V-8.0.13 and prior Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Services Tools Bundle (OpenSSL)). The supported version that is affected is prior to 19.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OSS Support Tools. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0732 P-1330V-prior to 19.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1330V-prior to 19.1 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security (OpenSSL)). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0732 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Project Manager (OpenSSL)). Supported versions that are affected are 8.4, 15.1,15.2, 16.1,16.2, 17.7-17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-0732 P-5580V-8.4 P-5580V-15.1 P-5580V-15.2 P-5580V-16.1 P-5580V-16.2 P-5580V-17.7-17.12 P-5580V-18.8 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5580V-8.4 P-5580V-15.1 P-5580V-15.2 P-5580V-16.1 P-5580V-16.2 P-5580V-17.7-17.12 P-5580V-18.8 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging (OpenSSL)). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-0734 P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core (OpenSSL)). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-0734 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.0 Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Runtime Engine (Bouncy Castle Java Library)). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-1000180 P-5325V-11.1.1.9.0 P-5325V-12.1.3.0.0 P-5325V-12.2.1.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5325V-11.1.1.9.0 P-5325V-12.1.3.0.0 P-5325V-12.2.1.3.0 Vulnerability in the Oracle Communications Converged Application Server component of Oracle Communications Applications (subcomponent: Security (Bouncy Castle)). The supported version that is affected is prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Application Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Converged Application Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-1000180 P-5382V-prior to 7.0.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5382V-prior to 7.0.0.1 Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Bouncy Castle Java Library)). The supported version that is affected is prior to 7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications WebRTC Session Controller accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-1000180 P-10811V-prior to 7.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10811V-prior to 7.2 Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Security Subsystem - 12c (Bouncy Castle Java Library)). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Repository. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Repository accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-1000180 P-5326V-12.1.3.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5326V-12.1.3.0.0 Vulnerability in the Oracle Retail Convenience and Fuel POS Software component of Oracle Retail Applications (subcomponent: Point of Sale (Bouncy Castle Java Library)). The supported version that is affected is 2.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Convenience and Fuel POS Software. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Convenience and Fuel POS Software accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-1000180 P-11515V-2.8.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11515V-2.8.1 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Security Framework (Bouncy Castle Java Library)). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-1000180 P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-1000180 P-5242V-12.2.1.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5242V-12.2.1.3 Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (cURL)). The supported version that is affected is prior to 7.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications WebRTC Session Controller. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1000300 P-10811V-prior to 7.2 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10811V-prior to 7.2 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking (cURL)). Supported versions that are affected are 12.2.2 and 12.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1000300 P-9835V-12.2.2 P-9835V-12.3.3 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9835V-12.2.2 P-9835V-12.3.3 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: File Processing (cURL)). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1000300 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure (dom4j)). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0, 12.4.0 and 14.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Fix has been released CVE-2018-1000632 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: MySQL Workbench (libssh)). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Workbench accessible data as well as unauthorized access to critical data or complete access to all MySQL Workbench accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-10933 P-4627V-8.0.13 and prior 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4627V-8.0.13 and prior Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO (libjpeg)). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2018-11212 P-856V-Java SE: 7u201 P-856V-8u192 P-856V-11.0.1; Java SE Embedded: 8u191 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-856V-Java SE: 7u201 P-856V-8u192 P-856V-11.0.1; Java SE Embedded: 8u191 Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Web Server (Apache HTTP Server)). The supported version that is affected is 5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Secure Global Desktop (SGD). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Secure Global Desktop (SGD). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-11763 P-8539V-5.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8539V-5.4 Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Security Subsystem (Apache ActiveMQ)). The supported version that is affected is 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Repository accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). Fix has been released CVE-2018-11775 P-5326V-12.1.3.0.0 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5326V-12.1.3.0.0 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Security (Apache Struts 2)). The supported version that is affected is prior to 12.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-11776 P-10900V-prior to 12.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10900V-prior to 12.5 Vulnerability in the Oracle Secure Global Desktop (SGD) component of Oracle Virtualization (subcomponent: Application Server (Apache Tomcat)). The supported version that is affected is 5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Secure Global Desktop (SGD). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop (SGD), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Secure Global Desktop (SGD) accessible data as well as unauthorized read access to a subset of Oracle Secure Global Desktop (SGD) accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2018-11784 P-8539V-5.4 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8539V-5.4 Vulnerability in the Enterprise Manager for Virtualization component of Oracle Enterprise Manager Products Suite (subcomponent: Plug-In Lifecycle (jackson-databind)). Supported versions that are affected are 13.2.2, 13.2.3 and 13.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Virtualization. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Virtualization. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-12023 P-9586V-13.2.2 P-9586V-13.2.3 P-9586V-13.3.1 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9586V-13.2.2 P-9586V-13.2.3 P-9586V-13.3.1 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps (Spring Framework)). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1258 P-4622V-12.5.0.3 P-4622V-13.1.0.1 P-4622V-13.2.0.1 P-4622V-13.3.0.1 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4622V-12.5.0.3 P-4622V-13.1.0.1 P-4622V-13.2.0.1 P-4622V-13.3.0.1 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security (Spring Framework)). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1258 P-10899V-prior to 8.3 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10899V-prior to 8.3 Vulnerability in the Oracle Communications Performance Intelligence Center (PIC) Software component of Oracle Communications Applications (subcomponent: Security (Spring Framework)). The supported version that is affected is prior to 10.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Performance Intelligence Center (PIC) Software. Successful attacks of this vulnerability can result in takeover of Oracle Communications Performance Intelligence Center (PIC) Software. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1258 P-11044V-prior to 10.2.1 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11044V-prior to 10.2.1 Vulnerability in the Oracle Communications Services Gatekeeper component of Oracle Communications Applications (subcomponent: Security (Spring Framework)). The supported version that is affected is prior to 6.1.0.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in takeover of Oracle Communications Services Gatekeeper. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1258 P-5381V-prior to 6.1.0.4.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5381V-prior to 6.1.0.4.0 Vulnerability in the Oracle Health Sciences Information Manager component of Oracle Health Sciences Applications (subcomponent: Health Policy Engine (Spring Framework)). The supported version that is affected is 3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences Information Manager. Successful attacks of this vulnerability can result in takeover of Oracle Health Sciences Information Manager. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1258 P-9177V-3.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9177V-3.0 Vulnerability in the Oracle Healthcare Master Person Index component of Oracle Health Sciences Applications (subcomponent: Core (Spring Framework)). Supported versions that are affected are 3.0 and 4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Master Person Index. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1258 P-8575V-3.0 P-8575V-4.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8575V-3.0 P-8575V-4.0 Vulnerability in the Oracle Insurance Calculation Engine component of Oracle Insurance Applications (subcomponent: Core (Spring Framework)). The supported version that is affected is 10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Calculation Engine. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Calculation Engine. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1258 P-10837V-10.2 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10837V-10.2 Vulnerability in the Oracle Insurance Rules Palette component of Oracle Insurance Applications (subcomponent: Core (Spring Framework)). Supported versions that are affected are 10.0 and 10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Rules Palette. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Rules Palette. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1258 P-5288V-10.0 P-5288V-10.2 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5288V-10.0 P-5288V-10.2 Vulnerability in the Oracle Retail Customer Insights component of Oracle Retail Applications (subcomponent: Other (Spring Framework)). Supported versions that are affected are 15.0 and 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Insights. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Insights. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1258 P-10263V-15.0 P-10263V-16.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10263V-15.0 P-10263V-16.0 Vulnerability in the Oracle Service Architecture Leveraging Tuxedo component of Oracle Fusion Middleware (subcomponent: Internal Operations (Spring Framework)). Supported versions that are affected are 12.1.3.0.0 and 12.2.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Architecture Leveraging Tuxedo. Successful attacks of this vulnerability can result in takeover of Oracle Service Architecture Leveraging Tuxedo. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-5435V-12.1.3.0.0 P-5435V-12.2.2.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5435V-12.1.3.0.0 P-5435V-12.2.2.0.0 Vulnerability in the Tape Library ACSLS component of Oracle Sun Systems Products Suite (subcomponent: Software (Spring Framework)). The supported version that is affected is 8.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Tape Library ACSLS. Successful attacks of this vulnerability can result in takeover of Tape Library ACSLS. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-1275 P-10088V-8.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10088V-8.4 Vulnerability in the Oracle Banking Platform component of Oracle Financial Services Applications (subcomponent: Infrastructure (jackson-databind)). Supported versions that are affected are 2.5.0, 2.6.0, 2.6.1 and 2.6.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in takeover of Oracle Banking Platform. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-14718 P-9178V-2.5.0 P-9178V-2.6.0 P-9178V-2.6.1 P-9178V-2.6.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9178V-2.5.0 P-9178V-2.6.0 P-9178V-2.6.1 P-9178V-2.6.2 Vulnerability in the Oracle Communications Billing and Revenue Management component of Oracle Communications Applications (subcomponent: Billing Operations Center, Billing Care (jackson-databind)). Supported versions that are affected are 7.5 and 12.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-14718 P-2136V-7.5 P-2136V-12.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2136V-7.5 P-2136V-12.0 Vulnerability in the Enterprise Manager for Virtualization component of Oracle Enterprise Manager Products Suite (subcomponent: Plug-In Lifecycle (jackson-databind)). Supported versions that are affected are 13.2.2, 13.2.3 and 13.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Virtualization. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Virtualization. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-14718 P-9586V-13.2.2 P-9586V-13.2.3 P-9586V-13.3.1 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9586V-13.2.2 P-9586V-13.2.3 P-9586V-13.3.1 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Infrastructure (jackson-databind)). Supported versions that are affected are 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6 and 8.0.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-14718 P-5680V-8.0.2 P-5680V-8.0.3 P-5680V-8.0.4 P-5680V-8.0.5 P-5680V-8.0.6 P-5680V-8.0.7 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5680V-8.0.2 P-5680V-8.0.3 P-5680V-8.0.4 P-5680V-8.0.5 P-5680V-8.0.6 P-5680V-8.0.7 Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core (jackson-databind)). Supported versions that are affected are 16.1, 16.2, 17.1-17.12 and 18.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-14718 P-10354V-16.1 P-10354V-16.2 P-10354V-17.1-17.12 P-10354V-18.8 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10354V-16.1 P-10354V-16.2 P-10354V-17.1-17.12 P-10354V-18.8 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Security Framework (jackson-databind)). The supported version that is affected is 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-14718 P-1696V-12.2.1.3.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1696V-12.2.1.3.0 Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Security (SQL Logger)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Merchandising System accessible data as well as unauthorized read access to a subset of Oracle Retail Merchandising System accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-3125 P-1816V-14.1 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1816V-14.1 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). Fix has been released CVE-2018-3147 P-2276V-8.5.3 P-2276V-8.5.4 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). Supported versions that are affected are 13.2 and 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2018-3303 P-1370V-13.2 P-1370V-13.3 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1370V-13.2 P-1370V-13.3 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). Fix has been released CVE-2018-3304 P-4622V-12.5.0.3 P-4622V-13.1.0.1 P-4622V-13.2.0.1 P-4622V-13.3.0.1 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4622V-12.5.0.3 P-4622V-13.1.0.1 P-4622V-13.2.0.1 P-4622V-13.3.0.1 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-3305 P-4622V-12.5.0.3 P-4622V-13.1.0.1 P-4622V-13.2.0.1 P-4622V-13.3.0.1 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4622V-12.5.0.3 P-4622V-13.1.0.1 P-4622V-13.2.0.1 P-4622V-13.3.0.1 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2018-3309 P-8370V-prior to 5.2.22 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.22 Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). Fix has been released CVE-2018-3311 P-11562V-3.3 8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11562V-3.3 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2018-3639 P-10006V-11 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10006V-11 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2018-3646 P-10006V-11 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10006V-11 Vulnerability in the Oracle Communications Session Border Controller component of Oracle Communications Applications (subcomponent: Security (Kernel)). Supported versions that are affected are SCz7.4.0, SCz7.4.1, SCz8.0.0 and SCz8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2018-5390 P-10750V-SCz7.4.0 P-10750V-SCz7.4.1 P-10750V-SCz8.0.0 P-10750V-SCz8.1.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10750V-SCz7.4.0 P-10750V-SCz7.4.1 P-10750V-SCz8.0.0 P-10750V-SCz8.1.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security (Apache Batik)). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-8013 P-10899V-prior to 8.3 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10899V-prior to 8.3 Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Apache Batik)). The supported version that is affected is prior to 7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications WebRTC Session Controller accessible data as well as unauthorized read access to a subset of Oracle Communications WebRTC Session Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications WebRTC Session Controller. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-8013 P-10811V-prior to 7.2 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10811V-prior to 7.2 Vulnerability in the Oracle Insurance Policy Administration J2EE component of Oracle Insurance Applications (subcomponent: User Interface (Apache Batik)). Supported versions that are affected are 10.0 and 10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration J2EE accessible data as well as unauthorized read access to a subset of Oracle Insurance Policy Administration J2EE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Insurance Policy Administration J2EE. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-8013 P-5279V-10.0 P-5279V-10.2 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5279V-10.0 P-5279V-10.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC (Apache Batik)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-8013 P-4781V-9.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4781V-9.2 Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernel (Apache Batik)). The supported version that is affected is 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Integration Bus accessible data as well as unauthorized read access to a subset of Oracle Retail Integration Bus accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Integration Bus. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Fix has been released CVE-2018-8013 P-1807V-17.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1807V-17.0 Vulnerability in the Oracle Communications Services Gatekeeper component of Oracle Communications Applications (subcomponent: Security (jQuery)). The supported version that is affected is prior to 6.1.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in takeover of Oracle Communications Services Gatekeeper. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-9206 P-5381V-prior to 6.1.0.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5381V-prior to 6.1.0.4.0 Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core (jQuery FileUpload)). Supported versions that are affected are 16.1, 16.2, 17.1-17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-9206 P-10354V-16.1 P-10354V-16.2 P-10354V-17.1-17.12 P-10354V-18.8 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10354V-16.1 P-10354V-16.2 P-10354V-17.1-17.12 P-10354V-18.8 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI (jQuery FileUpload)). Supported versions that are affected are 18.10 and 18.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in takeover of Siebel UI Framework. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2018-9206 P-9011V-18.10 P-9011V-18.11 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9011V-18.10 P-9011V-18.11 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L). Fix has been released CVE-2019-2395 P-5242V-10.3.6.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5242V-10.3.6.0 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Fix has been released CVE-2019-2396 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 P-1199V-12.2.8 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 P-1199V-12.2.8 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2019-2397 P-11599V-9.1.0 4.4 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11599V-9.1.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Deployment). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Fix has been released CVE-2019-2398 P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.3 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.3 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). Fix has been released CVE-2019-2399 P-10899V-prior to 8.3 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10899V-prior to 8.3 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2019-2400 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 P-384V-12.2.3 P-384V-12.2.4 P-384V-12.2.5 P-384V-12.2.6 P-384V-12.2.7 P-384V-12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 P-384V-12.2.3 P-384V-12.2.4 P-384V-12.2.5 P-384V-12.2.6 P-384V-12.2.7 P-384V-12.2.8 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2019-2401 P-11599V-9.1.0 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11599V-9.1.0 Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L). Fix has been released CVE-2019-2402 P-11594V-2.10 7.7 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11594V-2.10 Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2019-2403 P-11594V-2.10 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11594V-2.10 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2404 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2019-2405 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2019-2406 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). Fix has been released CVE-2019-2407 P-11599V-9.1.0 6.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11599V-9.1.0 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Feeds). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2408 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Shipboard Property Management System as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data and unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H). Fix has been released CVE-2019-2409 P-11607V-8.0.8 7.3 AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11607V-8.0.8 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: DGS RES Online, FMS Sender, FMS Receiver, OHC WPF Security). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2019-2410 P-11607V-8.0.8 5.1 AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11607V-8.0.8 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Shipboard Property Management System as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H). Fix has been released CVE-2019-2411 P-11607V-8.0.8 7.6 AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11607V-8.0.8 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Object Store). The supported version that is affected is prior to 8.8.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2019-2412 P-10026V-prior to 8.8.2 6.4 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10026V-prior to 8.8.2 Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2413 P-159V-12.2.1.3 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-159V-12.2.1.3 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2019-2414 P-1042V-12.2.1.3 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1042V-12.2.1.3 Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L). Fix has been released CVE-2019-2415 P-4361V-11.1.2.4 4.3 AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4361V-11.1.2.4 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2019-2416 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2019-2417 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L). Fix has been released CVE-2019-2418 P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.3 6.5 AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.3 Vulnerability in the PeopleSoft Enterprise CC Common Application Objects component of Oracle PeopleSoft Products (subcomponent: Form and Approval Builder). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise CC Common Application Objects, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. Note: This Enterprise Common Component is used by all PeopleSoft Application products. Please refer to the <a target="_blank" href="https://support.oracle.com/rs?type=doc&id=2493366.1">MOS Note Doc ID 2493366.1</a> for patch information. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2419 P-8911V-9.2 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8911V-9.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2420 P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the PeopleSoft Enterprise HCM eProfile Manager Desktop component of Oracle PeopleSoft Products (subcomponent: Guided Self Service). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM eProfile Manager Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM eProfile Manager Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM eProfile Manager Desktop accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM eProfile Manager Desktop accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2421 P-5052V-9.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5052V-9.2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2422 P-856V-Java SE: 7u201 P-856V-8u192 P-856V-11.0.1; Java SE Embedded: 8u191 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-856V-Java SE: 7u201 P-856V-8u192 P-856V-11.0.1; Java SE Embedded: 8u191 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2423 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Fix has been released CVE-2019-2425 P-11599V-9.1.0 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-11599V-9.1.0 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2426 P-856V-Java SE: 7u201 P-856V-8u192 P-856V-11.0.1; Java SE Embedded: 8u191 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-856V-Java SE: 7u201 P-856V-8u192 P-856V-11.0.1; Java SE Embedded: 8u191 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Fix has been released CVE-2019-2427 P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H). Fix has been released CVE-2019-2429 P-2276V-8.5.3 P-2276V-8.5.4 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2019-2430 P-5710V-8.1 P-5710V-8.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5710V-8.1 P-5710V-8.2 Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). Fix has been released CVE-2019-2431 P-5710V-8.1 P-5710V-8.2 6.1 AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5710V-8.1 P-5710V-8.2 Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login). Supported versions that are affected are 8.1 and 8.2. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. While the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2432 P-5710V-8.1 P-5710V-8.2 4.9 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5710V-8.1 P-5710V-8.2 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2019-2433 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2434 P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). Fix has been released CVE-2019-2435 P-8576V-8.0.13 and prior P-8576V-2.1.8 and prior 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8576V-8.0.13 and prior P-8576V-2.1.8 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Fix has been released CVE-2019-2436 P-8478V-8.0.13 and prior 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-8.0.13 and prior Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2437 P-10006V-11 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10006V-11 Vulnerability in the Oracle Web Cache component of Oracle Fusion Middleware (subcomponent: ESI/Partial Page Caching). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Cache. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Cache, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Cache accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Cache accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2019-2438 P-1059V-11.1.1.9.0 6.9 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1059V-11.1.1.9.0 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2439 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2019-2440 P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 P-229V-12.2.3 P-229V-12.2.4 P-229V-12.2.5 P-229V-12.2.6 P-229V-12.2.7 P-229V-12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 P-229V-12.2.3 P-229V-12.2.4 P-229V-12.2.5 P-229V-12.2.6 P-229V-12.2.7 P-229V-12.2.8 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2441 P-5242V-12.2.1.3 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5242V-12.2.1.3 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2442 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2019-2443 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). Fix has been released CVE-2019-2444 P-5V-12.2.0.1 P-5V-18c 8.2 AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5V-12.2.0.1 P-5V-18c Vulnerability in the Oracle Content Manager component of Oracle E-Business Suite (subcomponent: Cover Letter). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Content Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Content Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Content Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Content Manager accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2019-2445 P-1145V-12.1.1 P-1145V-12.1.2 P-1145V-12.1.3 P-1145V-12.2.3 P-1145V-12.2.4 P-1145V-12.2.5 P-1145V-12.2.6 P-1145V-12.2.7 P-1145V-12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1145V-12.1.1 P-1145V-12.1.2 P-1145V-12.1.3 P-1145V-12.2.3 P-1145V-12.2.4 P-1145V-12.2.5 P-1145V-12.2.6 P-1145V-12.2.7 P-1145V-12.2.8 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2019-2446 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Detail). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2019-2447 P-1065V-12.1.1 P-1065V-12.1.2 P-1065V-12.1.3 P-1065V-12.2.3 P-1065V-12.2.4 P-1065V-12.2.5 P-1065V-12.2.6 P-1065V-12.2.7 P-1065V-12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1065V-12.1.1 P-1065V-12.1.2 P-1065V-12.1.3 P-1065V-12.2.3 P-1065V-12.2.4 P-1065V-12.2.5 P-1065V-12.2.6 P-1065V-12.2.7 P-1065V-12.2.8 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Fix has been released CVE-2019-2448 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2449 P-856V-Java SE: 8u192 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-856V-Java SE: 8u192 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2019-2450 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2019-2451 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H). Fix has been released CVE-2019-2452 P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.3 6.7 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5242V-10.3.6.0 P-5242V-12.1.3.0 P-5242V-12.2.1.3 Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Performance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Performance Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Performance Management accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2019-2453 P-4425V-12.1.1 P-4425V-12.1.2 P-4425V-12.1.3 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-4425V-12.1.1 P-4425V-12.1.2 P-4425V-12.1.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2455 P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). Fix has been released CVE-2019-2456 P-2276V-8.5.3 P-2276V-8.5.4 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2457 P-2276V-8.5.3 P-2276V-8.5.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2458 P-2276V-8.5.3 P-2276V-8.5.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2459 P-2276V-8.5.3 P-2276V-8.5.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2460 P-2276V-8.5.3 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2461 P-2276V-8.5.3 P-2276V-8.5.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. While the vulnerability is in Oracle Outside In Technology, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L). Fix has been released CVE-2019-2462 P-2276V-8.5.3 P-2276V-8.5.4 7.2 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). Fix has been released CVE-2019-2463 P-2276V-8.5.3 P-2276V-8.5.4 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2464 P-2276V-8.5.3 P-2276V-8.5.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2465 P-2276V-8.5.3 P-2276V-8.5.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2466 P-2276V-8.5.3 P-2276V-8.5.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2467 P-2276V-8.5.3 P-2276V-8.5.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2468 P-2276V-8.5.3 P-2276V-8.5.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H). Fix has been released CVE-2019-2469 P-2276V-8.5.3 P-2276V-8.5.4 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Detail). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2019-2470 P-1065V-12.1.1 P-1065V-12.1.2 P-1065V-12.1.3 P-1065V-12.2.3 P-1065V-12.2.4 P-1065V-12.2.5 P-1065V-12.2.6 P-1065V-12.2.7 P-1065V-12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1065V-12.1.1 P-1065V-12.1.2 P-1065V-12.1.3 P-1065V-12.2.3 P-1065V-12.2.4 P-1065V-12.2.5 P-1065V-12.2.6 P-1065V-12.2.7 P-1065V-12.2.8 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2471 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2472 P-2276V-8.5.3 P-2276V-8.5.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2473 P-2276V-8.5.3 P-2276V-8.5.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2474 P-2276V-8.5.3 P-2276V-8.5.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2475 P-2276V-8.5.3 P-2276V-8.5.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2476 P-2276V-8.5.3 P-2276V-8.5.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2477 P-2276V-8.5.3 P-2276V-8.5.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2478 P-2276V-8.5.3 P-2276V-8.5.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2479 P-2276V-8.5.3 P-2276V-8.5.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2480 P-2276V-8.5.3 P-2276V-8.5.4 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-2276V-8.5.3 P-2276V-8.5.4 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2481 P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2482 P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2019-2483 P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 P-384V-12.2.3 P-384V-12.2.4 P-384V-12.2.5 P-384V-12.2.6 P-384V-12.2.7 P-384V-12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-384V-12.1.1 P-384V-12.1.2 P-384V-12.1.3 P-384V-12.2.3 P-384V-12.2.4 P-384V-12.2.5 P-384V-12.2.6 P-384V-12.2.7 P-384V-12.2.8 Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Mobile Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Mobile Field Service accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Fix has been released CVE-2019-2485 P-753V-12.1.1 P-753V-12.1.2 P-753V-12.1.3 P-753V-12.2.3 P-753V-12.2.4 P-753V-12.2.5 P-753V-12.2.6 P-753V-12.2.7 P-753V-12.2.8 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-753V-12.1.1 P-753V-12.1.2 P-753V-12.1.3 P-753V-12.2.3 P-753V-12.2.4 P-753V-12.2.5 P-753V-12.2.6 P-753V-12.2.7 P-753V-12.2.8 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2486 P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: UI Infrastructure). Supported versions that are affected are 6.3.7, 6.4.1, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Management accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). Fix has been released CVE-2019-2487 P-1991V-6.3.7 P-1991V-6.4.1 P-1991V-6.4.2 P-1991V-6.4.3 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1991V-6.3.7 P-1991V-6.4.1 P-1991V-6.4.2 P-1991V-6.4.3 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Session Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2488 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 P-1199V-12.2.8 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 P-1199V-12.2.8 Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Query). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Fix has been released CVE-2019-2489 P-1379V-12.1.3 P-1379V-12.2.3 P-1379V-12.2.4 P-1379V-12.2.5 P-1379V-12.2.6 P-1379V-12.2.7 P-1379V-12.2.8 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1379V-12.1.3 P-1379V-12.2.3 P-1379V-12.2.4 P-1379V-12.2.5 P-1379V-12.2.6 P-1379V-12.2.7 P-1379V-12.2.8 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Panel Processor). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Fix has been released CVE-2019-2490 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Fix has been released CVE-2019-2491 P-950V-12.1.1 P-950V-12.1.2 P-950V-12.1.3 P-950V-12.2.3 P-950V-12.2.4 P-950V-12.2.5 P-950V-12.2.6 P-950V-12.2.7 P-950V-12.2.8 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-950V-12.1.1 P-950V-12.1.2 P-950V-12.1.3 P-950V-12.2.3 P-950V-12.2.4 P-950V-12.2.5 P-950V-12.2.6 P-950V-12.2.7 P-950V-12.2.8 Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Fix has been released CVE-2019-2492 P-950V-12.1.1 P-950V-12.1.2 P-950V-12.1.3 P-950V-12.2.3 P-950V-12.2.4 P-950V-12.2.5 P-950V-12.2.6 P-950V-12.2.7 P-950V-12.2.8 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-950V-12.1.1 P-950V-12.1.2 P-950V-12.1.3 P-950V-12.2.3 P-950V-12.2.4 P-950V-12.2.5 P-950V-12.2.6 P-950V-12.2.7 P-950V-12.2.8 Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Supported versions that are affected are 9.0 and 9.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). Fix has been released CVE-2019-2493 P-5183V-9.0 P-5183V-9.2 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5183V-9.0 P-5183V-9.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2494 P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2495 P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-8.0.13 and prior Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Fix has been released CVE-2019-2496 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 P-1199V-12.2.8 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 P-1199V-12.2.8 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2019-2497 P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 P-1199V-12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1199V-12.1.3 P-1199V-12.2.3 P-1199V-12.2.4 P-1199V-12.2.5 P-1199V-12.2.6 P-1199V-12.2.7 P-1199V-12.2.8 Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dash board). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Fix has been released CVE-2019-2498 P-1065V-12.1.1 P-1065V-12.1.2 P-1065V-12.1.3 P-1065V-12.2.3 P-1065V-12.2.4 P-1065V-12.2.5 P-1065V-12.2.6 P-1065V-12.2.7 P-1065V-12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-1065V-12.1.1 P-1065V-12.1.2 P-1065V-12.1.3 P-1065V-12.2.3 P-1065V-12.2.4 P-1065V-12.2.5 P-1065V-12.2.6 P-1065V-12.2.7 P-1065V-12.2.8 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2499 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2019-2500 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). Fix has been released CVE-2019-2501 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2502 P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). Fix has been released CVE-2019-2503 P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 6.4 AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). Fix has been released CVE-2019-2504 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). Fix has been released CVE-2019-2505 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). Fix has been released CVE-2019-2506 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2507 P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Fix has been released CVE-2019-2508 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Fix has been released CVE-2019-2509 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2510 P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2511 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12 and 18.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2512 P-5579V-8.4 P-5579V-15.1 P-5579V-15.2 P-5579V-16.1 P-5579V-16.2 P-5579V-17.7-17.12 P-5579V-18.8 4.7 AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5579V-8.4 P-5579V-15.1 P-5579V-15.2 P-5579V-16.1 P-5579V-16.2 P-5579V-17.7-17.12 P-5579V-18.8 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N). Fix has been released CVE-2019-2513 P-8478V-8.0.13 and prior 2.5 AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-8.0.13 and prior Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eProcurement. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise SCM eProcurement, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM eProcurement accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM eProcurement accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2519 P-5118V-9.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5118V-9.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2019-2520 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2019-2521 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2019-2522 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2019-2523 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2019-2524 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2019-2525 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2019-2526 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.26 and prior to 6.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Fix has been released CVE-2019-2527 P-8370V-prior to 5.2.26 P-8370V-prior to 6.0.4 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.26 P-8370V-prior to 6.0.4 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2528 P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2529 P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2530 P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2531 P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2532 P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). Fix has been released CVE-2019-2533 P-8478V-8.0.13 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). Fix has been released CVE-2019-2534 P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2535 P-8478V-8.0.13 and prior 4.1 AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H). Fix has been released CVE-2019-2536 P-8478V-8.0.13 and prior 5.0 AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-8.0.13 and prior Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2537 P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-5.6.42 and prior P-8478V-5.7.24 and prior P-8478V-8.0.13 and prior Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware (subcomponent: MFT Runtime Server). Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data as well as unauthorized read access to a subset of Oracle Managed File Transfer accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N). Fix has been released CVE-2019-2538 P-10198V-19.1.0.0.0 P-10198V-12.2.1.3.0 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10198V-19.1.0.0.0 P-10198V-12.2.1.3.0 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Fix has been released CVE-2019-2539 P-8478V-8.0.13 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8478V-8.0.13 and prior Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2540 P-856V-Java Advanced Management Console: 2.12 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-856V-Java Advanced Management Console: 2.12 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client). The supported version that is affected is 10. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2019-2541 P-10006V-10 7.5 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10006V-10 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via KSSL to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2543 P-10006V-10 P-10006V-11 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10006V-10 P-10006V-11 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Fix has been released CVE-2019-2544 P-10006V-10 P-10006V-11 4.0 AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10006V-10 P-10006V-11 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDoms IO). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2545 P-10006V-10 P-10006V-11 4.0 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-10006V-10 P-10006V-11 Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: SQL Extensions). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Applications Manager. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H). Fix has been released CVE-2019-2546 P-99V-12.1.1 P-99V-12.1.2 P-99V-12.1.3 P-99V-12.2.3 P-99V-12.2.4 P-99V-12.2.5 P-99V-12.2.6 P-99V-12.2.7 P-99V-12.2.8 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-99V-12.1.1 P-99V-12.1.2 P-99V-12.1.3 P-99V-12.2.3 P-99V-12.2.4 P-99V-12.2.5 P-99V-12.2.6 P-99V-12.2.7 P-99V-12.2.8 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.0 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). Fix has been released CVE-2019-2547 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c 3.5 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix has been released CVE-2019-2548 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Fix has been released CVE-2019-2549 P-9111V-12.0.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9111V-12.0.2 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Fix has been released CVE-2019-2550 P-9111V-12.0.2 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-9111V-12.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Fix has been released CVE-2019-2552 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). Fix has been released CVE-2019-2553 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2019-2554 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2019-2555 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). Fix has been released CVE-2019-2556 P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CPUJan2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujan2019.html P-8370V-prior to 5.2.24 P-8370V-prior to 6.0.2