Oracle Critical Patch Update Advisory - July 2021 - Oracle CVRF Oracle Critical Patch Update Advisory CPUJul2021 Final 6.0 6.0 2021-08-19T15:00:00-07:00 Updated CVSS scores for Outside In Technology 2021-07-20T13:00:00-07:00 2021-08-19T15:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had security patches released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including security patch distribution information can be found at the Oracle sites referenced in this document. This document is published at: https://www.oracle.com/a/tech/docs/cpujul2021cvrf.xml https://www.oracle.com/security-alerts/cpujul2021.html URL to html version of Advisory 0xfoxone 0xfoxone Abhishek Morla Abhishek Morla Adeel Khan Adeel Khan Aleksey Shipilev Red Hat Varnavas Papaioannou Andrej Simko Accenture Anonymous researcher working with Trend Micro's Zero Day Initiative Armaan Khurshid Pathan of Emirates Group Ashik Kunjumon Ashik Kunjumon Billy Jheng Bing Jhong of STAR Labs Boumediene Kaddour Boumediene Kaddour Brian Reilly Brian Reilly Devin Rosenbauer Identity Works LLC Dimitris Doganos COSMOTE - Mobile Telecommunications S.A. Eddie Zhu of Beijing DBSEC Technology Co., Ltd Emad Al-Mousa Emad Al-Mousa Faraz Khan from Emirates Group Filip Ceglik Filip Ceglik Gaurang Maheta gaurang maheta Gianluca Danesin Mondadori Girlelecta Girlelecta Guillaume Jacques synacktiv Hamoud Al-Helmani Hamoud Al-Helmani Haya Shulman Fraunhofer.de Huixin Ma of Tencent.com Husnain Iqbal Husnain Iqbal Information Security Management Information Security Management Jang Laptop of VNPT ISC working with Trend Micro Zero Day Initiative KPC Trend Micro's Zero Day Initiative Kajetan Rostojek Kajetan Rostojek Khalid matar Alharthi Khalid matar Alharthi Li Boheng Li Boheng thiscodecc of MoyunSec V-Lab Longofo Knownsec 404 Team Maciej Grabiec of ING Tech Poland Markus Loewe Markus Loewe Martin Neumann Accenture Matthias Kaiser of Apple Information Security Mohamed Ahmed Naji Mohit Rawat Mohit Rawat Moritz Bechler SySS GmbH Naman Shah Naman Shah Nik Czuprinski Nik Czuprinski Okan Basegmez Paul Barbé synacktiv Peterjson of RedTeam@VNG Corporation working with Trend Micro Zero Day Initiative Philipp Jeitner Fraunhofer.de Pratik Khalane Pratik Khalane Qiguang Zhu Qiguang Zhu Quynh Le of VNPT ISC working with Trend Micro Zero Day Initiative Rajnish Kumar Gupta Rajnish Kumar Gupta Rakan Abdulrahman Al Khaled Sakhare Vinayak Sakhare Vinayak Snigdha Priya Snigdha Priya Sohamin Durkar Sohamin Durkar Stefano Barber Stefano Barber Tech Zone Tech Zone Théo Louis-Tisserand synacktiv Ved Prabhu Ved Prabhu Vishnu Dev T J working with Trend Micro's Zero Day Initiative Vivek Panday Vivek Panday Waleed Ezz Eldin of Cysiv (Previously SecureMisr) Yaoguang Chen Ant Security Light-Year Lab Yash Sharma Yash Sharma Zach Edwards victorymedium.com Zoe Pentaleri Zoe Pentaleri Max Van Amerongen (maxpl0it) r00t4dm at Cloud-Penetrating Arrow Lab Marwan Albahar threedr3am threedr3am Big Data Spatial and Graph Version All Supported Versions Big Data Spatial and Graph Version Prior to 2.0 Big Data Spatial and Graph Version Prior to 23.1 Commerce Platform Version 11.0.0 Commerce Platform Version 11.1.0 Commerce Platform Version 11.2.0 Commerce Platform Version 11.3.0-11.3.2 Commerce Merchandising Version 11.1.0 Commerce Merchandising Version 11.2.0 Commerce Merchandising Version 11.3.0-11.3.2 Commerce Service Center Version 11.0.0 Commerce Service Center Version 11.1.0 Commerce Service Center Version 11.2.0 Commerce Service Center Version 11.3.0-11.3.2 Commerce Guided Search / Oracle Commerce Experience Manager Version 11.3.1.5 Commerce Guided Search / Oracle Commerce Experience Manager Version 11.3.2 Communications Services Gatekeeper Version 7.0 Communications EAGLE (Software) Version 46.6.0-46.8.2 Communications Application Session Controller Version 3.9 Communications Diameter Signaling Router (DSR) Version 8.0.0-8.5.0 Communications Evolved Communications Application Server Version 7.1 SD-WAN Edge Version 8.2 SD-WAN Edge Version 9.0 SD-WAN Edge Version 9.1 SD-WAN Aware Version 8.2 SD-WAN Aware Version 9.0 Communications Cloud Native Core Service Communication Proxy Version 1.5.2 Communications Cloud Native Core Unified Data Repository Version 1.4.0 Communications Cloud Native Core Unified Data Repository Version 1.6.0 Communications Cloud Native Core Security Edge Protection Proxy Version 1.7.0 Communications Cloud Native Core Network Function Cloud Native Environment Version 1.4.0 Communications Cloud Native Core Network Function Cloud Native Environment Version 1.7.0 Communications Cloud Native Core Network Slice Selection Function Version 1.2.1 Communications Cloud Native Core Console Version 1.4.0 Communications Cloud Native Core Policy Version 1.5.0 Communications Cloud Native Core Policy Version 1.9.0 Communications Billing and Revenue Management Version 12.0.0.3.0 Communications Billing and Revenue Management Version 7.5.0.23.0 Communications Offline Mediation Controller Version 12.0.0.3.0 Communications Design Studio Version 7.4.2 Communications Unified Inventory Management Version 7.3.2 Communications Unified Inventory Management Version 7.3.4 Communications Unified Inventory Management Version 7.3.5 Communications Unified Inventory Management Version 7.4.0 Communications Unified Inventory Management Version 7.4.1 Communications Network Charging and Control Version 12.0.1.0-12.0.4.0 Communications Network Charging and Control Version 12.0.4.0.0 Communications Network Charging and Control Version 6.0.1.0 Communications Instant Messaging Server Version 10.0.1.4.0 Communications Pricing Design Center Version 12.0.0.3.0 Communications BRM - Elastic Charging Engine Version 11.3.0.9.0 Communications BRM - Elastic Charging Engine Version 12.0.0.3.0 Communications Convergent Charging Controller Version 12.0.4.0.0 Primavera P6 Enterprise Project Portfolio Management Version 17.12.0-17.12.20 Primavera P6 Enterprise Project Portfolio Management Version 18.8.0-18.8.23 Primavera P6 Enterprise Project Portfolio Management Version 19.12.0-19.12.14 Primavera P6 Enterprise Project Portfolio Management Version 20.12.0-20.12.3 Primavera Unifier Version 17.7-17.12 Primavera Unifier Version 18.8 Primavera Unifier Version 19.12 Primavera Unifier Version 20.12 Instantis EnterpriseTrack Version 17.1 Instantis EnterpriseTrack Version 17.2 Instantis EnterpriseTrack Version 17.3 Primavera Gateway Version 17.12.0-17.12.11 Primavera Gateway Version 18.8.0-18.8.11 Primavera Gateway Version 19.12.0-19.12.10 Primavera Gateway Version 20.12.0 Database - Enterprise Edition Version 12.1.0.2 Database - Enterprise Edition Version 12.2.0.1 Database - Enterprise Edition Version 19c Database - Enterprise Edition Version All Supported Versions Text Version 12.1.0.2 Text Version 12.2.0.1 Text Version 19c Advanced Networking Option Version 12.1.0.2 Advanced Networking Option Version 12.2.0.1 Advanced Networking Option Version 19c Spatial and Graph Version 12.2.0.1 Spatial and Graph Version 19c Spatial and Graph Version All Supported Versions Universal Installer Version All Supported Versions Application Express (APEX) Version Prior to 21.1.0.00.01 Application Express (APEX) Version Prior to 21.1.0.00.04 Public Sector Financials (International) Version 12.1.1-12.1.3 Workflow Version 12.1.3 Workflow Version 12.2.3-12.2.10 iSupplier Portal Version 12.1.1-12.1.3 iSupplier Portal Version 12.2.3-12.2.10 Marketing Version 12.1.1-12.1.3 Marketing Version 12.2.3-12.2.10 Advanced Inbound Telephony Version 12.1.1-12.1.3 Advanced Inbound Telephony Version 12.2.3-12.2.10 Time and Labor Version 12.1.1-12.1.3 Time and Labor Version 12.2.3-12.2.10 Human Resources Version 12.1.1-12.1.3 Engineering Version 12.2.3-12.2.10 Field Service Version 12.1.1-12.1.3 Advanced Outbound Telephony Version 12.1.1-12.1.3 Advanced Outbound Telephony Version 12.2.3-12.2.10 Collaborative Planning Version 12.1.1-12.1.3 Approvals Management Version 12.1.1-12.1.3 Web Applications Desktop Integrator Version 12.1.3 Web Applications Desktop Integrator Version 12.2.3-12.2.10 Common Applications Version 12.1.1-12.1.3 Common Applications Version 12.2.3-12.2.10 E-Records Version 12.1.1-12.1.3 E-Records Version 12.2.3-12.2.10 Applications Framework Version 12.1.3 Applications Framework Version 12.2.3-12.2.10 Enterprise Manager Base Platform Version 13.4.0.0 Configuration Manager Version 12.1.2.0.8 Application Testing Suite Version 13.3.0.1 Hyperion Analytic Provider Services Version 11.1.2.4 Hyperion Analytic Provider Services Version 21.2 Hyperion Essbase Version 21.2 Hyperion Essbase Administration Services Version 11.1.2.4 Hyperion Essbase Administration Services Version 21.2 Financial Services Analytical Applications Infrastructure Version 8.0.6-8.0.9 Financial Services Analytical Applications Infrastructure Version 8.1.0 Financial Services Analytical Applications Infrastructure Version 8.1.1 FLEXCUBE Universal Banking Version 12.0-12.4 FLEXCUBE Universal Banking Version 12.3 FLEXCUBE Universal Banking Version 12.4 FLEXCUBE Universal Banking Version 14.0-14.4 FLEXCUBE Universal Banking Version 14.1.0-14.4.0 FLEXCUBE Private Banking Version 12.0.0 FLEXCUBE Private Banking Version 12.1.0 Banking Platform Version 2.12.0 Banking Platform Version 2.4.0 Banking Platform Version 2.7.1 Banking Platform Version 2.9.0 Financial Services Revenue Management and Billing Analytics Version 2.7.0 Financial Services Revenue Management and Billing Analytics Version 2.8.0 Financial Services Regulatory Reporting with AgileREPORTER Version 8.0.9.6.3 Banking Liquidity Management Version 14.2 Banking Liquidity Management Version 14.3 Banking Liquidity Management Version 14.5 Banking Enterprise Default Management Version 2.10.0 Banking Enterprise Default Management Version 2.12.0 Banking Party Management Version 2.7.0 Financial Services Crime and Compliance Investigation Hub Version 20.1.2 Banking Treasury Management Version 14.4 Hospitality Reporting and Analytics Version 9.1.0 MICROS Workstation 6 Version 610-655 MICROS Workstation 5A Version 5A MICROS Kitchen Display System Hardware Version 210 MICROS Compact Workstation 3 Version 310 MICROS ES400 Series Version 400-410 JDeveloper Version 12.2.1.4.0 Fusion Middleware MapViewer Version 12.2.1.4.0 BI Publisher (formerly XML Publisher) Version 11.1.1.9.0 BI Publisher (formerly XML Publisher) Version 12.2.1.3.0 BI Publisher (formerly XML Publisher) Version 12.2.1.4.0 BI Publisher (formerly XML Publisher) Version 5.5.0.0.0 BAM (Business Activity Monitoring) Version 11.1.1.9.0 BAM (Business Activity Monitoring) Version 12.2.1.3.0 BAM (Business Activity Monitoring) Version 12.2.1.4.0 WebCenter Portal Version 11.1.1.9.0 WebCenter Portal Version 12.2.1.3.0 WebCenter Portal Version 12.2.1.4.0 Identity Manager Version 11.1.2.2.0 Identity Manager Version 11.1.2.3.0 Identity Manager Version 12.2.1.3.0 Identity Manager Version 12.2.1.4.0 Business Intelligence Enterprise Edition Version 12.2.1.4.0 Data Integrator Version 12.2.1.3.0 Data Integrator Version 12.2.1.4.0 Outside In Technology Version 8.5.5 Coherence Version 12.1.3.0.0 Coherence Version 12.2.1.3.0 Coherence Version 12.2.1.4.0 Coherence Version 14.1.1.0.0 Coherence Version 3.7.1.0 Real-Time Decisions (RTD) Solutions Version 3.2.0.0 WebLogic Server Version 10.3.6.0.0 WebLogic Server Version 12.1.3.0.0 WebLogic Server Version 12.2.1.3.0 WebLogic Server Version 12.2.1.4.0 WebLogic Server Version 14.1.1.0.0 Enterprise Repository Version 11.1.1.7.0 Access Manager Version 11.1.2.3.0 GoldenGate Big Data and Application Adapters Version 19.1.0.0.0 Enterprise Data Quality Version 12.2.1.3.0 Enterprise Data Quality Version 12.2.1.4.0 Managed File Transfer Version 12.2.1.3.0 Managed File Transfer Version 12.2.1.4.0 MICROS BellaVita Version 8.13 MICROS BellaVita Version 8.14 Hyperion BI+ Version 11.1.2.4 Hyperion BI+ Version 11.2.5.0 Hyperion Infrastructure Technology Version 11.1.2.4 Hyperion Infrastructure Technology Version 11.2.5.0 Hyperion Financial Reporting Version 11.1.2.4 Hyperion Financial Reporting Version 11.2.5.0 Insurance Policy Administration J2EE Version 11.0.2 Insurance Policy Administration J2EE Version 11.1.0-11.3.0 Insurance Policy Administration J2EE Version 11.2.0 Insurance Policy Administration J2EE Version 11.3.0 Insurance Rules Palette Version 11.0.2 Insurance Rules Palette Version 11.1.0-11.3.0 JD Edwards EnterpriseOne Tools Version 9.2.5.3 and Prior JD Edwards EnterpriseOne Tools Version 9.2.5.3 and prior JD Edwards EnterpriseOne Orchestrator Version 9.2.5.3 and Prior JD Edwards EnterpriseOne Orchestrator Version 9.2.5.3 and prior Java SE JDK and JRE Version Java SE:11.0.11 Java SE JDK and JRE Version Java SE:16.0.1 Java SE JDK and JRE Version Java SE:7u301 Java SE JDK and JRE Version Java SE:8u291 Java SE JDK and JRE Version Oracle GraalVM Enterprise Edition:20.3.2 Java SE JDK and JRE Version Oracle GraalVM Enterprise Edition:21.1.0 GraalVM Enterprise Edition Version Oracle GraalVM Enterprise Edition:20.3.2 GraalVM Enterprise Edition Version Oracle GraalVM Enterprise Edition:21.1.0 MySQL Server Version 5.7.34 and prior MySQL Server Version 8.0.21 and prior MySQL Server Version 8.0.23 and prior MySQL Server Version 8.0.25 and prior MySQL Cluster Version 8.0.25 and prior MySQL Enterprise Monitor Version 8.0.23 and prior MySQL Connectors Version 8.0.23 and prior PeopleSoft Enterprise HCM Candidate Gateway Version 9.2 PeopleSoft Enterprise PT PeopleTools Version 8.57 PeopleSoft Enterprise PT PeopleTools Version 8.58 PeopleSoft Enterprise PT PeopleTools Version 8.58. 8.59 PeopleSoft Enterprise PT PeopleTools Version 8.59 PeopleSoft Enterprise CS Campus Community Version 9.0 PeopleSoft Enterprise CS Campus Community Version 9.2 PeopleSoft Enterprise HCM Shared Components Version 9.2 Policy Automation Version 12.2.0-12.2.22 Retail Integration Bus Version 14.1.3.2 Retail Integration Bus Version 15.0.3.1 Retail Integration Bus Version 16.0.3.0 Retail Merchandising System Version 14.1.3.2 Retail Merchandising System Version 15.0.3.1 Retail Merchandising System Version 16.0.3 Retail Price Management Version 14.0 Retail Price Management Version 14.1 Retail Price Management Version 15.0 Retail Price Management Version 16.0 Retail Back Office Version 14.1 Retail Central Office Version 14.1 Retail Point-of-Service Version 14.1 Retail Returns Management Version 14.1 Retail Financial Integration Version 14.1.3.2 Retail Financial Integration Version 15.0.3.1 Retail Financial Integration Version 16.0.3.0 Retail Service Backbone Version 14.1.3.2 Retail Service Backbone Version 15.0.3.1 Retail Service Backbone Version 16.0.3.0 Retail Xstore Point of Service Version 16.0.6 Retail Xstore Point of Service Version 17.0.4 Retail Xstore Point of Service Version 18.0.3 Retail Xstore Point of Service Version 19.0.2 Retail Xstore Point of Service Version 20.0.1 Retail Customer Management and Segmentation Foundation Cloud Service Version 16.0-19.0 Retail Order Management System Cloud Service Version 19.5 Retail Order Broker Cloud Service Version 15.0 Retail Order Broker Cloud Service Version 16.0 Retail Customer Management and Segmentation Foundation Version 16.0-19.0 Retail Customer Management and Segmentation Foundation Version 19.0 Siebel Apps - Marketing Version 21.5 and Prior Siebel Core - Automation Version 21.5 and Prior Siebel Core - Server Framework Version 21.5 and Prior Transportation Management Version 6.4.3 Agile Engineering Data Management Version 6.2.1.0 Agile PLM Framework Version 9.3.3 Agile PLM Framework Version 9.3.5 Agile PLM Framework Version 9.3.6 OSS Support Tools Version Prior to 2.12.41 Solaris Cluster Version 4.4 Solaris Operating System Version 11 Sun ZFS Storage Appliance Kit (AK) Software Version 8.8 Tape General STA - StorageTek Tape Analytics SW Tool Version 2.3 Fujitsu SPARC Servers Firmware Version Prior to XCP2400 Fujitsu SPARC Servers Firmware Version prior to XCP3100 VM VirtualBox Version Prior to 6.1.24 Secure Global Desktop Version 5.6 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI Infrastructure (Apache Xerces2 Java Parser)). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Transportation Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2012-0881 P-1991V-6.4.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Transportation Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787997.1 P-1991V-6.4.3 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party Tools (Apache Standard Taglibs)). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2015-0254 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: Provisioning (Apache Tomcat)). Supported versions that are affected are 8.0.0-8.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Security patch has been released CVE-2016-0762 P-10899V-8.0.0-8.5.0 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Communications Diameter Signaling Router (DSR) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787208.1 P-10899V-8.0.0-8.5.0 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (glibc)). Supported versions that are affected are Prior to XCP2400 and prior to XCP3100. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2016-4429 P-10656V-Prior to XCP2400 P-10656V-prior to XCP3100 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Fujitsu SPARC Servers Firmware Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10656V-Prior to XCP2400 P-10656V-prior to XCP3100 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework (AntiSamy)). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2017-14735 P-1370V-13.4.0.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Enterprise Manager Base Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1370V-13.4.0.0 Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Common Security (AntiSamy)). Supported versions that are affected are 11.1.2.4 and 11.2.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Infrastructure Technology, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Infrastructure Technology accessible data as well as unauthorized read access to a subset of Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2017-14735 P-4392V-11.1.2.4 P-4392V-11.2.5.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Hyperion Infrastructure Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4392V-11.1.2.4 P-4392V-11.2.5.0 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (libxml2)). Supported versions that are affected are Prior to XCP2400 and prior to XCP3100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks of this vulnerability can result in takeover of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-16931 P-10656V-Prior to XCP2400 P-10656V-prior to XCP3100 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fujitsu SPARC Servers Firmware Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10656V-Prior to XCP2400 P-10656V-prior to XCP3100 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (NSS)). Supported versions that are affected are Prior to XCP2400 and prior to XCP3100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks of this vulnerability can result in takeover of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-5461 P-10656V-Prior to XCP2400 P-10656V-prior to XCP3100 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fujitsu SPARC Servers Firmware Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10656V-Prior to XCP2400 P-10656V-prior to XCP3100 Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Cloud Gateway (Zookeeper)). Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel Core - Server Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2017-5637 P-9001V-21.5 and Prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Siebel Core - Server Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787995.1 P-9001V-21.5 and Prior Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Configuration (Jetty)). The supported version that is affected is 1.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2017-9735 P-14277V-1.5.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791658.1 P-14277V-1.5.0 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (OpenSSL)). Supported versions that are affected are Prior to XCP2400 and prior to XCP3100. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-0739 P-10656V-Prior to XCP2400 P-10656V-prior to XCP3100 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Fujitsu SPARC Servers Firmware Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10656V-Prior to XCP2400 P-10656V-prior to XCP3100 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Signaling (Calico)). The supported version that is affected is 1.4.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-15686 P-14125V-1.4.0 6.3 AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Communications Cloud Native Core Network Function Cloud Native Environment Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791656.1 P-14125V-1.4.0 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (NTP)). Supported versions that are affected are Prior to XCP2400 and prior to XCP3100. Easily exploitable vulnerability allows unauthenticated attacker with network access via NTP to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks of this vulnerability can result in takeover of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-7183 P-10656V-Prior to XCP2400 P-10656V-prior to XCP3100 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fujitsu SPARC Servers Firmware Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10656V-Prior to XCP2400 P-10656V-prior to XCP3100 Vulnerability in the Essbase product of Oracle Essbase (component: Infrastructure (OpenSSL)). The supported version that is affected is 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Essbase. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-0190 P-4379V-21.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Hyperion Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4379V-21.2 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache cordova-plugin-inappbrowser)). Supported versions that are affected are 16.0.6, 17.0.4, 18.0.3 and 19.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-0219 P-11513V-16.0.6 P-11513V-17.0.4 P-11513V-18.0.3 P-11513V-19.0.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-11513V-16.0.6 P-11513V-17.0.4 P-11513V-18.0.3 P-11513V-19.0.2 Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Onboarding (Apache PDFbox)). Supported versions that are affected are 14.2, 14.3 and 14.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-0228 P-13304V-14.2 P-13304V-14.3 P-13304V-14.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Banking Liquidity Management Oracle customers with valid support contracts https://support.oracle.com P-13304V-14.2 P-13304V-14.3 P-13304V-14.5 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Commons BeanUtils)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-4622V-13.3.0.1 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Application Testing Suite Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4622V-13.3.0.1 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Signaling (Apache Commons BeanUtils)). The supported version that is affected is 1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Console accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-14250V-1.4.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Communications Cloud Native Core Console Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791671.1 P-14250V-1.4.0 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Measurements (Apache Commons BeanUtils)). The supported version that is affected is 1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-14277V-1.9.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791658.1 P-14277V-1.9.0 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Measurements (Apache Commons BeanUtils)). The supported version that is affected is 1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-14119V-1.6.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Communications Cloud Native Core Unified Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791683.1 P-14119V-1.6.0 Vulnerability in the Oracle Communications Evolved Communications Application Server product of Oracle Communications (component: Managing and Using Subscriber Data (Apache Commons BeanUtils)). The supported version that is affected is 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Evolved Communications Application Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Evolved Communications Application Server accessible data as well as unauthorized read access to a subset of Oracle Communications Evolved Communications Application Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Evolved Communications Application Server. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-10994V-7.1 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Communications Evolved Communications Application Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787205.1 P-10994V-7.1 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: Transformation for PDC (Apache Commons BeanUtils)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Pricing Design Center accessible data as well as unauthorized read access to a subset of Oracle Communications Pricing Design Center accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-9437V-12.0.0.3.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Communications Pricing Design Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9437V-12.0.0.3.0 Vulnerability in the Oracle Financial Services Revenue Management and Billing Analytics product of Oracle Financial Services Applications (component: Dashboards (Apache Commons BeanUtils)). Supported versions that are affected are 2.7.0 and 2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing Analytics accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing Analytics. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-11527V-2.7.0 P-11527V-2.8.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Financial Services Revenue Management and Billing Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2767127.1 P-11527V-2.7.0 P-11527V-2.8.0 Vulnerability in the Real-Time Decisions (RTD) Solutions product of Oracle Fusion Middleware (component: WLS Deployment Template for RT (Apache Commons BeanUtils)). The supported version that is affected is 3.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Real-Time Decisions (RTD) Solutions. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Real-Time Decisions (RTD) Solutions accessible data as well as unauthorized read access to a subset of Real-Time Decisions (RTD) Solutions accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Real-Time Decisions (RTD) Solutions. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-4509V-3.2.0.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Real-Time Decisions (RTD) Solutions Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4509V-3.2.0.0 Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (Apache Commons BeanUtils)). The supported version that is affected is 15.0.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Merchandising System accessible data as well as unauthorized read access to a subset of Oracle Retail Merchandising System accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Merchandising System. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-1816V-15.0.3.1 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Retail Merchandising System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-1816V-15.0.3.1 Vulnerability in the Oracle Retail Price Management product of Oracle Retail Applications (component: Manage Allocation (Apache Commons BeanUtils)). Supported versions that are affected are 14.0, 14.1, 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Price Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Price Management accessible data as well as unauthorized read access to a subset of Oracle Retail Price Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Price Management. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-1824V-14.0 P-1824V-14.1 P-1824V-15.0 P-1824V-16.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Retail Price Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-1824V-14.0 P-1824V-14.1 P-1824V-15.0 P-1824V-16.0 Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Application Integration (Apache Commons BeanUtils)). The supported version that is affected is 4.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris Cluster accessible data as well as unauthorized read access to a subset of Oracle Solaris Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10086 P-10005V-4.4 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Solaris Cluster Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10005V-4.4 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Kibana)). The supported version that is affected is 1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-10746 P-14125V-1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Communications Cloud Native Core Network Function Cloud Native Environment Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791656.1 P-14125V-1.4.0 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: UI Platform (jQuery)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-1980V-12.2.1.3.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Identity Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1980V-12.2.1.3.0 Vulnerability in the Oracle Communications EAGLE Software product of Oracle Communications (component: Measurements (VxWorks)). Supported versions that are affected are 46.6.0-46.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE Software. Successful attacks of this vulnerability can result in takeover of Oracle Communications EAGLE Software. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-12260 P-10768V-46.6.0-46.8.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Communications EAGLE (Software) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787243.1 P-10768V-46.6.0-46.8.2 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Measurements (Apache Kafka)). The supported version that is affected is 1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-12399 P-14277V-1.9.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791658.1 P-14277V-1.9.0 Vulnerability in the Essbase product of Oracle Essbase (component: Infrastructure (Apache Commons Compress)). The supported version that is affected is 21.2. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Essbase executes to compromise Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Essbase accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Essbase. CVSS 3.1 Base Score 4.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). Security patch has been released CVE-2019-12402 P-4379V-21.2 4.1 AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L Hyperion Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4379V-21.2 Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Oracle JDeveloper (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle JDeveloper. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-12402 P-807V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H JDeveloper Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-807V-12.2.1.4.0 Security-in-Depth issue in the Oracle Database Migration Assistant for Unicode (Apache POI) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2019-12415 P-5V-All Supported Versions 0.0 Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-All Supported Versions Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: OAM (Apache POI)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-12415 P-807V-12.2.1.4.0 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N JDeveloper Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-807V-12.2.1.4.0 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (Quartz)). Supported versions that are affected are 9.2.5.3 and Prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Orchestrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-13990 P-11681V-9.2.5.3 and Prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H JD Edwards EnterpriseOne Orchestrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787996.1 P-11681V-9.2.5.3 and Prior Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Nimbus JOSE+JWT)). The supported version that is affected is 1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17195 P-14123V-1.7.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Communications Cloud Native Core Security Edge Protection Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791680.1 P-14123V-1.7.0 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: CNE (Nimbus JOSE+JWT)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in takeover of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17195 P-9437V-12.0.0.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Communications Pricing Design Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9437V-12.0.0.3.0 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Nimbus JOSE+JWT)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Data Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17195 P-2196V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Data Integrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2196V-12.2.1.4.0 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (Nimbus JOSE+JWT)). Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Orchestrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17195 P-11681V-9.2.5.3 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H JD Edwards EnterpriseOne Orchestrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787996.1 P-11681V-9.2.5.3 and prior Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Inf SEC (Nimbus JOSE+JWT)). Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17195 P-4781V-9.2.5.3 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787996.1 P-4781V-9.2.5.3 and prior Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (Nimbus JOSE+JWT)). Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17195 P-4781V-9.2.5.3 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787996.1 P-4781V-9.2.5.3 and prior Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: REST Services (Nimbus JOSE+JWT)). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17195 P-5085V-8.58 P-5085V-8.59 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.58 P-5085V-8.59 Vulnerability in Oracle Policy Automation (component: Hub (Nimbus JOSE+JWT)). Supported versions that are affected are 12.2.0-12.2.22. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation. Successful attacks of this vulnerability can result in takeover of Oracle Policy Automation. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17195 P-5624V-12.2.0-12.2.22 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Policy Automation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2782105.1 P-5624V-12.2.0-12.2.22 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Nimbus JOSE+JWT)). Supported versions that are affected are 18.8.0-18.8.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17195 P-10605V-18.8.0-18.8.11 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Primavera Gateway Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783281.1 P-10605V-18.8.0-18.8.11 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (LZ4)). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17543 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior Vulnerability in the Oracle Spatial and Graph (GDAL) component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where Oracle Spatial and Graph (GDAL) executes to compromise Oracle Spatial and Graph (GDAL). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (GDAL). CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-17545 P-619V-12.2.0.1 P-619V-19c 4.4 AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-619V-12.2.0.1 P-619V-19c Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: CN OCOMC (Apache Batik)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Offline Mediation Controller accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2019-17566 P-2269V-12.0.0.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Offline Mediation Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785182.1 P-2269V-12.0.0.3.0 Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Installation (Apache Batik)). Supported versions that are affected are 11.1.2.4 and 11.2.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Financial Reporting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Reporting accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2019-17566 P-8776V-11.1.2.4 P-8776V-11.2.5.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Hyperion Financial Reporting Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-8776V-11.1.2.4 P-8776V-11.2.5.0 Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Oracle WebLogic Server)). Supported versions that are affected are 11.1.2.4 and 11.2.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Hyperion Infrastructure Technology. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2729 P-4392V-11.1.2.4 P-4392V-11.2.5.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Hyperion Infrastructure Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4392V-11.1.2.4 P-4392V-11.2.5.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). The supported version that is affected is 13.4.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data as well as unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2019-2897 P-1370V-13.4.0.0 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Enterprise Manager Base Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1370V-13.4.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). The supported version that is affected is 13.4.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data as well as unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2019-2897 P-1370V-13.4.0.0 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Enterprise Manager Base Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1370V-13.4.0.0 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Inventory Organizer (BSAFE Crypto-J)). Supported versions that are affected are 7.3.2, 7.3.4, 7.3.5, 7.4.0 and 7.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Inventory Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-3740 P-4516V-7.3.2 P-4516V-7.3.4 P-4516V-7.3.5 P-4516V-7.4.0 P-4516V-7.4.1 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785180.1 P-4516V-7.3.2 P-4516V-7.3.4 P-4516V-7.3.5 P-4516V-7.4.0 P-4516V-7.4.1 Vulnerability in the StorageTek Tape Analytics SW Tool product of Oracle Systems (component: Software (BSAFE Crypto-J)). The supported version that is affected is 2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise StorageTek Tape Analytics SW Tool. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all StorageTek Tape Analytics SW Tool accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-3740 P-10085V-2.3 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Tape General STA - StorageTek Tape Analytics SW Tool Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10085V-2.3 Vulnerability in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Big Data Graph (OpenCV)). The supported version that is affected is Prior to 2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Big Data Spatial and Graph. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Big Data Spatial and Graph. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-5064 P-11528V-Prior to 2.0 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Big Data Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-11528V-Prior to 2.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt (OpenCV)). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-5064 P-1370V-13.4.0.0 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Enterprise Manager Base Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1370V-13.4.0.0 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Publications (Perl)). Supported versions that are affected are 8.2, 9.0 and 9.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge as well as unauthorized update, insert or delete access to some of Oracle SD-WAN Edge accessible data and unauthorized read access to a subset of Oracle SD-WAN Edge accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2020-10543 P-13940V-8.2 P-13940V-9.0 P-13940V-9.1 8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H SD-WAN Edge Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787240.1 P-13940V-8.2 P-13940V-9.0 P-13940V-9.1 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt (dom4j)). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-1370V-13.4.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Enterprise Manager Base Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1370V-13.4.0.0 Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Oracle JDeveloper (dom4j)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-807V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H JDeveloper Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-807V-12.2.1.4.0 Vulnerability in the StorageTek Tape Analytics SW Tool product of Oracle Systems (component: Software (dom4j)). The supported version that is affected is 2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise StorageTek Tape Analytics SW Tool. Successful attacks of this vulnerability can result in takeover of StorageTek Tape Analytics SW Tool. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-10085V-2.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tape General STA - StorageTek Tape Analytics SW Tool Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10085V-2.3 Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: UDC CORE (Perl)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP/IP to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Offline Mediation Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Offline Mediation Controller accessible data and unauthorized read access to a subset of Oracle Communications Offline Mediation Controller accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2020-10878 P-2269V-12.0.0.3.0 8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Communications Offline Mediation Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785182.1 P-2269V-12.0.0.3.0 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: Transformation for PDC (Perl)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center as well as unauthorized update, insert or delete access to some of Oracle Communications Pricing Design Center accessible data and unauthorized read access to a subset of Oracle Communications Pricing Design Center accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2020-10878 P-9437V-12.0.0.3.0 8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Communications Pricing Design Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9437V-12.0.0.3.0 Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Content Server (Perl)). The supported version that is affected is 12.1.2.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configuration Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Configuration Manager as well as unauthorized update, insert or delete access to some of Oracle Configuration Manager accessible data and unauthorized read access to a subset of Oracle Configuration Manager accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2020-10878 P-1967V-12.1.2.0.8 8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Configuration Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1967V-12.1.2.0.8 Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications (component: Monitoring (Perl)). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Aware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Aware as well as unauthorized update, insert or delete access to some of Oracle SD-WAN Aware accessible data and unauthorized read access to a subset of Oracle SD-WAN Aware accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2020-10878 P-13941V-8.2 P-13941V-9.0 8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H SD-WAN Aware Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787244.1 P-13941V-8.2 P-13941V-9.0 Security-in-Depth issue in the RDBMS (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-10878 P-662V-All Supported Versions 0.0 Universal Installer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-662V-All Supported Versions Vulnerability in the Oracle Financial Services Revenue Management and Billing Analytics product of Oracle Financial Services Applications (component: Dashboards (jQuery)). Supported versions that are affected are 2.7.0 and 2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing Analytics accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-11527V-2.7.0 P-11527V-2.8.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Financial Services Revenue Management and Billing Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2767127.1 P-11527V-2.7.0 P-11527V-2.8.0 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant (jQuery)). The supported version that is affected is Prior to 2.12.41. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OSS Support Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of OSS Support Tools accessible data as well as unauthorized read access to a subset of OSS Support Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11023 P-1330V-Prior to 2.12.41 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N OSS Support Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787969.1 P-1330V-Prior to 2.12.41 Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: HTTP GW (Netty)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in takeover of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-11612 P-9742V-12.0.0.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Communications BRM - Elastic Charging Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9742V-12.0.0.3.0 Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: KPI (Netty)). The supported version that is affected is 1.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-11612 P-14117V-1.5.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Communications Cloud Native Core Service Communication Proxy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791682.1 P-14117V-1.5.2 Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation Issues (Apache Ant)). The supported version that is affected is 6.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-11979 P-4436V-6.2.1.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Agile Engineering Data Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787997.1 P-4436V-6.2.1.0 Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Capital Workflow (Apache Ant)). The supported version that is affected is 14.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Treasury Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-11979 P-14133V-14.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Banking Treasury Management Oracle customers with valid support contracts https://support.oracle.com P-14133V-14.4 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Order Management (Apache Ant)). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-11979 P-9110V-12.0.0 P-9110V-12.1.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N FLEXCUBE Private Banking Oracle customers with valid support contracts https://support.oracle.com P-9110V-12.0.0 P-9110V-12.1.0 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rate Management (Apache Ant)). Supported versions that are affected are 8.0.6-8.0.9, 8.1.0 and 8.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-11979 P-5680V-8.0.6-8.0.9 P-5680V-8.1.0 P-5680V-8.1.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Financial Services Analytical Applications Infrastructure Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787723.1 P-5680V-8.0.6-8.0.9 P-5680V-8.1.0 P-5680V-8.1.1 Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Procurement (Apache Ant)). The supported version that is affected is 14.1.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Merchandising System accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-11979 P-1816V-14.1.3.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Retail Merchandising System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-1816V-14.1.3.2 Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: UDC CORE (Apache Batik)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP/IP to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Offline Mediation Controller accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-11987 P-2269V-12.0.0.3.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Communications Offline Mediation Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785182.1 P-2269V-12.0.0.3.0 Vulnerability in the Oracle Enterprise Repository product of Oracle Fusion Middleware (component: Security Subsystem - 12c (Apache Batik)). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Repository. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Repository accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-11987 P-5326V-11.1.1.7.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Enterprise Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5326V-11.1.1.7.0 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: General Ledger (Apache Batik)). Supported versions that are affected are 14.1.0-14.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-11987 P-9052V-14.1.0-14.4.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N FLEXCUBE Universal Banking Oracle customers with valid support contracts https://support.oracle.com P-9052V-14.1.0-14.4.0 Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-11987 P-1215V-12.2.1.4.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Fusion Middleware MapViewer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1215V-12.2.1.4.0 Vulnerability in the Oracle Retail Order Broker product of Oracle Retail Applications (component: Store Connect (Apache Batik)). Supported versions that are affected are 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Order Broker accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-11987 P-11520V-15.0 P-11520V-16.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Retail Order Broker Cloud Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-11520V-15.0 P-11520V-16.0 Vulnerability in the Oracle Retail Order Management System Cloud Service product of Oracle Retail Applications (component: Internal Operations (Apache Batik)). The supported version that is affected is 19.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Management System Cloud Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Order Management System Cloud Service accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-11987 P-11519V-19.5 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Retail Order Management System Cloud Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-11519V-19.5 Security-in-Depth issue in the Oracle Spatial and Graph MapViewer (Apache Batik) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-11987 P-619V-All Supported Versions 0.0 Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-619V-All Supported Versions Security-in-Depth issue in the Oracle Spatial and Graph MapViewer (Apache XMLGraphics Commons) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-11988 P-619V-All Supported Versions 0.0 Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-619V-All Supported Versions Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: Provisioning (Apache ActiveMQ)). Supported versions that are affected are 8.0.0-8.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-11998 P-10899V-8.0.0-8.5.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Communications Diameter Signaling Router (DSR) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787208.1 P-10899V-8.0.0-8.5.0 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Financial Planning (Apache ActiveMQ)). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-11998 P-9110V-12.0.0 P-9110V-12.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H FLEXCUBE Private Banking Oracle customers with valid support contracts https://support.oracle.com P-9110V-12.0.0 P-9110V-12.1.0 Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation Issues (Apache Tomcat)). The supported version that is affected is 6.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile Engineering Data Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-13935 P-4436V-6.2.1.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Agile Engineering Data Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787997.1 P-4436V-6.2.1.0 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Install, config, upgrade (Apache HttpClient)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Data Integrator accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-13956 P-2196V-12.2.1.3.0 P-2196V-12.2.1.4.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Data Integrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2196V-12.2.1.3.0 P-2196V-12.2.1.4.0 Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Cloud Manager (Apache HttpClient)). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-13956 P-5085V-8.57 P-5085V-8.58 P-5085V-8.59 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.57 P-5085V-8.58 P-5085V-8.59 Security-in-Depth issue in the Oracle Spatial and Graph MapViewer (Apache HttpClient) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-13956 P-619V-All Supported Versions 0.0 Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-619V-All Supported Versions Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: Managing Messages (jackson-databind)). The supported version that is affected is 10.0.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Instant Messaging Server. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14195 P-8495V-10.0.1.4.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Communications Instant Messaging Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2786444.1 P-8495V-10.0.1.4.0 Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Elastic charging controller (Apache Groovy)). Supported versions that are affected are 11.3.0.9.0 and 12.0.0.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-17521 P-9742V-11.3.0.9.0 P-9742V-12.0.0.3.0 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Communications BRM - Elastic Charging Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9742V-11.3.0.9.0 P-9742V-12.0.0.3.0 Vulnerability in the Oracle Communications Evolved Communications Application Server product of Oracle Communications (component: Control Engine (Apache Groovy)). The supported version that is affected is 7.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Evolved Communications Application Server executes to compromise Oracle Communications Evolved Communications Application Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Evolved Communications Application Server accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-17521 P-10994V-7.1 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Communications Evolved Communications Application Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787205.1 P-10994V-7.1 Vulnerability in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Big Data Graph (Apache Tomcat)). The supported version that is affected is Prior to 23.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Big Data Spatial and Graph. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Big Data Spatial and Graph accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-17527 P-11528V-Prior to 23.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Big Data Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-11528V-Prior to 23.1 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: Transformation for PDC (Apache Tomcat)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Pricing Design Center accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-17527 P-9437V-12.0.0.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Communications Pricing Design Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9437V-12.0.0.3.0 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Tomcat)). Supported versions that are affected are 16.0.6, 17.0.4, 18.0.3, 19.0.2 and 20.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-17527 P-11513V-16.0.6 P-11513V-17.0.4 P-11513V-18.0.3 P-11513V-19.0.2 P-11513V-20.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-11513V-16.0.6 P-11513V-17.0.4 P-11513V-18.0.3 P-11513V-19.0.2 P-11513V-20.0.1 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: CNE (Apache Struts)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in takeover of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-17530 P-9437V-12.0.0.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Communications Pricing Design Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9437V-12.0.0.3.0 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Install, config, upgrade (Apache Ant)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Data Integrator executes to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Data Integrator accessible data as well as unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-1945 P-2196V-12.2.1.3.0 P-2196V-12.2.1.4.0 6.3 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Data Integrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2196V-12.2.1.3.0 P-2196V-12.2.1.4.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (OpenSSL)). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-1971 P-1370V-13.4.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Enterprise Manager Base Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1370V-13.4.0.0 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Signaling (Go)). The supported version that is affected is 1.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Policy, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-24553 P-14277V-1.5.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791658.1 P-14277V-1.5.0 Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Onboarding (jackson-databind)). Supported versions that are affected are 14.2, 14.3 and 14.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-24750 P-13304V-14.2 P-13304V-14.3 P-13304V-14.5 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Banking Liquidity Management Oracle customers with valid support contracts https://support.oracle.com P-13304V-14.2 P-13304V-14.3 P-13304V-14.5 Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Services (jackson-databind)). Supported versions that are affected are 21.5 and Prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in takeover of Siebel Core - Server Framework. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-24750 P-9001V-21.5 and Prior 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Siebel Core - Server Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787995.1 P-9001V-21.5 and Prior Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Installation Component (Oracle Coherence)). The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Access Manager executes to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2020-2555 P-5565V-11.1.2.3.0 3.1 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N Access Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5565V-11.1.2.3.0 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework (Coherence)). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-2555 P-9348V-11.0.0 P-9348V-11.1.0 P-9348V-11.2.0 P-9348V-11.3.0-11.3.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Commerce Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9348V-11.0.0 P-9348V-11.1.0 P-9348V-11.2.0 P-9348V-11.3.0-11.3.2 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment (Hibernate)). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-25638 P-13388V-19.0 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Retail Customer Management and Segmentation Foundation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-13388V-19.0 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: CNE (NSS)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-25648 P-9437V-12.0.0.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Communications Pricing Design Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9437V-12.0.0.3.0 Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Accounting (jackson-databind)). The supported version that is affected is 14.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Treasury Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-14133V-14.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Banking Treasury Management Oracle customers with valid support contracts https://support.oracle.com P-14133V-14.4 Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Big Data Graph (jackson-databind)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-25649 P-11528V-All Supported Versions 0.0 Big Data Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-11528V-All Supported Versions Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework (jackson-databind)). Supported versions that are affected are 11.2.0 and 11.3.0-11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-25649 P-9348V-11.2.0 P-9348V-11.3.0-11.3.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Commerce Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9348V-11.2.0 P-9348V-11.3.0-11.3.2 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Business Operation Center (jackson-databind)). Supported versions that are affected are 7.5.0.23.0 and 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-2136V-7.5.0.23.0 P-2136V-12.0.0.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Billing and Revenue Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-2136V-7.5.0.23.0 P-2136V-12.0.0.3.0 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: UDR (jackson-databind)). The supported version that is affected is 1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-14119V-1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Cloud Native Core Unified Data Repository Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791683.1 P-14119V-1.4.0 Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (jackson-databind)). The supported version that is affected is 12.0.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Convergent Charging Controller accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-12985V-12.0.4.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Convergent Charging Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2790722.1 P-12985V-12.0.4.0.0 Vulnerability in the Oracle Communications Evolved Communications Application Server product of Oracle Communications (component: Session Design Center GUI (jackson-databind)). The supported version that is affected is 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Evolved Communications Application Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Evolved Communications Application Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-10994V-7.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Evolved Communications Application Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787205.1 P-10994V-7.1 Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: OUI (jackson-databind)). The supported version that is affected is 12.0.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Network Charging and Control accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-4623V-12.0.4.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Network Charging and Control Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2790722.1 P-4623V-12.0.4.0.0 Vulnerability in the Oracle Communications Services Gatekeeper product of Oracle Communications (component: OCSG Policy service (jackson-databind)). The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Services Gatekeeper accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-5381V-7.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Services Gatekeeper Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787242.1 P-5381V-7.0 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Media Resource (jackson-databind)). The supported version that is affected is 7.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Inventory Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-4516V-7.4.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785180.1 P-4516V-7.4.1 Vulnerability in the Oracle GoldenGate Application Adapters product of Oracle Fusion Middleware (component: Application Adapters (jackson-databind)). The supported version that is affected is 19.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Application Adapters. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GoldenGate Application Adapters accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-5760V-19.1.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N GoldenGate Big Data and Application Adapters Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5760V-19.1.0.0.0 Vulnerability in the Oracle Insurance Policy Administration product of Oracle Insurance Applications (component: Architecture (jackson-databind)). Supported versions that are affected are 11.0.2 and 11.1.0-11.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Policy Administration accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-5279V-11.0.2 P-5279V-11.1.0-11.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Insurance Policy Administration J2EE Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2784893.1 P-5279V-11.0.2 P-5279V-11.1.0-11.3.0 Vulnerability in the Oracle Insurance Rules Palette product of Oracle Insurance Applications (component: Architecture (jackson-databind)). Supported versions that are affected are 11.0.2 and 11.1.0-11.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Rules Palette. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Rules Palette accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-5288V-11.0.2 P-5288V-11.1.0-11.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Insurance Rules Palette Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2784893.1 P-5288V-11.0.2 P-5288V-11.1.0-11.3.0 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (jackson-databind)). Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-11681V-9.2.5.3 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N JD Edwards EnterpriseOne Orchestrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787996.1 P-11681V-9.2.5.3 and prior Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC (jackson-databind)). Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-4781V-9.2.5.3 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787996.1 P-4781V-9.2.5.3 and prior Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (jackson-databind)). Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-4781V-9.2.5.3 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787996.1 P-4781V-9.2.5.3 and prior Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (jackson-databind)). Supported versions that are affected are 17.12.0-17.12.11, 18.8.0-18.8.11, 19.12.0-19.12.10 and 20.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Gateway accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-10605V-17.12.0-17.12.11 P-10605V-18.8.0-18.8.11 P-10605V-19.12.0-19.12.10 P-10605V-20.12.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Primavera Gateway Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783281.1 P-10605V-17.12.0-17.12.11 P-10605V-18.8.0-18.8.11 P-10605V-19.12.0-19.12.10 P-10605V-20.12.0 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Project Delivery (jackson-databind)). Supported versions that are affected are 17.7-17.12, 18.8, 19.12 and 20.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera Unifier executes to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.1 Base Score 3.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). Security patch has been released CVE-2020-25649 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 3.9 AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Primavera Unifier Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783281.1 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: RSB Installation (jackson-databind)). Supported versions that are affected are 16.0.3.0, 15.0.3.1 and 14.1.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Service Backbone accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-10867V-16.0.3.0 P-10867V-15.0.3.1 P-10867V-14.1.3.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Retail Service Backbone Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-10867V-16.0.3.0 P-10867V-15.0.3.1 P-10867V-14.1.3.2 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (jackson-databind)). Supported versions that are affected are 16.0.6, 17.0.4, 18.0.3 and 19.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-25649 P-11513V-16.0.6 P-11513V-17.0.4 P-11513V-18.0.3 P-11513V-19.0.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-11513V-16.0.6 P-11513V-17.0.4 P-11513V-18.0.3 P-11513V-19.0.2 Security-in-Depth issue in the Oracle Spatial and Graph Network Data Model (jackson-databind) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-25649 P-619V-All Supported Versions 0.0 Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-619V-All Supported Versions Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Java SE)). The supported version that is affected is 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Guided Search. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-2604 P-9633V-11.3.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Commerce Guided Search / Oracle Commerce Experience Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9633V-11.3.2 Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks (Java SE)). The supported version that is affected is 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Guided Search / Oracle Commerce Experience Manager. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-2604 P-9633V-11.3.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Commerce Guided Search / Oracle Commerce Experience Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9633V-11.3.2 Vulnerability in the Oracle Application Express Application Builder (DOMPurify) component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.01. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Application Builder (DOMPurify). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Application Builder (DOMPurify), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Application Builder (DOMPurify) accessible data as well as unauthorized read access to a subset of Oracle Application Express Application Builder (DOMPurify) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-26870 P-1348V-Prior to 21.1.0.00.01 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Application Express (APEX) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1348V-Prior to 21.1.0.00.01 Vulnerability in the Oracle Application Express (CKEditor) component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.01. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express (CKEditor). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express (CKEditor), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express (CKEditor) accessible data as well as unauthorized read access to a subset of Oracle Application Express (CKEditor) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-27193 P-1348V-Prior to 21.1.0.00.01 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Application Express (APEX) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1348V-Prior to 21.1.0.00.01 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (CKEditor)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Party Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Party Management accessible data as well as unauthorized read access to a subset of Oracle Banking Party Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-27193 P-13929V-2.7.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Banking Party Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787695.1 P-13929V-2.7.0 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rate Management (CKEditor)). Supported versions that are affected are 8.0.6-8.0.9, 8.1.0 and 8.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-27193 P-5680V-8.0.6-8.0.9 P-5680V-8.1.0 P-5680V-8.1.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Financial Services Analytical Applications Infrastructure Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787723.1 P-5680V-8.0.6-8.0.9 P-5680V-8.1.0 P-5680V-8.1.1 Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: CN OCOMC (Eclipse Jetty)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Offline Mediation Controller executes to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Offline Mediation Controller. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-27216 P-2269V-12.0.0.3.0 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Communications Offline Mediation Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785182.1 P-2269V-12.0.0.3.0 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: Transformation for PDC (Eclipse Jetty)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Pricing Design Center executes to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in takeover of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-27216 P-9437V-12.0.0.3.0 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Communications Pricing Design Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9437V-12.0.0.3.0 Vulnerability in the Oracle Communications Services Gatekeeper product of Oracle Communications (component: Call Control Common Service (Eclipse Jetty)). The supported version that is affected is 7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Services Gatekeeper executes to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in takeover of Oracle Communications Services Gatekeeper. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-27216 P-5381V-7.0 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Communications Services Gatekeeper Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787242.1 P-5381V-7.0 Vulnerability in the Siebel Core - Automation product of Oracle Siebel CRM (component: Test Automation (Eclipse Jetty)). Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel Core - Automation executes to compromise Siebel Core - Automation. Successful attacks of this vulnerability can result in takeover of Siebel Core - Automation. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-27216 P-8988V-21.5 and Prior 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Siebel Core - Automation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787995.1 P-8988V-21.5 and Prior Vulnerability in the Oracle Communications Services Gatekeeper product of Oracle Communications (component: Subscriber profile (Eclipse Jetty)). The supported version that is affected is 7.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Services Gatekeeper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Services Gatekeeper. CVSS 3.1 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). Security patch has been released CVE-2020-27218 P-5381V-7.0 4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Communications Services Gatekeeper Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787242.1 P-5381V-7.0 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Financial Planning (Eclipse Jetty)). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2020-27218 P-9110V-12.0.0 P-9110V-12.1.0 9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L FLEXCUBE Private Banking Oracle customers with valid support contracts https://support.oracle.com P-9110V-12.0.0 P-9110V-12.1.0 Security-in-Depth issue in the MapViewer (OWASP ESAPI)Oracle Spatial and Graph (OpenJPEG) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-27844 P-619V-All Supported Versions 0.0 Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-619V-All Supported Versions Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Bouncy Castle Java Library)). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-28052 P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 P-1696V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WebCenter Portal Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 P-1696V-12.2.1.4.0 Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: NM Core (Kerberos)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Offline Mediation Controller. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-28196 P-2269V-12.0.0.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Communications Offline Mediation Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785182.1 P-2269V-12.0.0.3.0 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: Transformation for PDC (Kerberos)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-28196 P-9437V-12.0.0.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Communications Pricing Design Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9437V-12.0.0.3.0 Security-in-Depth issue in the Oracle Database - Enterprise Edition (Kerberos) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-28196 P-5V-All Supported Versions 0.0 Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-All Supported Versions Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter (musl libc)). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-28928 P-13497V-Oracle GraalVM Enterprise Edition:20.3.2 P-13497V-Oracle GraalVM Enterprise Edition:21.1.0 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787003.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.2 P-13497V-Oracle GraalVM Enterprise Edition:21.1.0 Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Signaling (Calico)). The supported version that is affected is 1.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Slice Selection Function accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-29582 P-14130V-1.2.1 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Communications Cloud Native Core Network Slice Selection Function Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791657.1 P-14130V-1.2.1 Vulnerability in the Oracle Insurance Policy Administration J2EE product of Oracle Insurance Applications (component: Security Information (jackson-databind)). The supported version that is affected is 11.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration J2EE. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-35490 P-5279V-11.0.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Insurance Policy Administration J2EE Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2784893.1 P-5279V-11.0.2 Vulnerability in the Oracle Communications Application Session Controller product of Oracle Communications (component: Signaling (dojo)). The supported version that is affected is 3.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Application Session Controller. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Application Session Controller accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-5258 P-10769V-3.9 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Application Session Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787241.1 P-10769V-3.9 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: Server for PDC (dojo)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Pricing Design Center accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-5258 P-9437V-12.0.0.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Pricing Design Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9437V-12.0.0.3.0 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core UI (dojo)). Supported versions that are affected are 17.7-17.12, 18.8, 19.12 and 20.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-5258 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Primavera Unifier Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783281.1 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Configuration (Spring Framework)). The supported version that is affected is 1.5.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-14277V-1.5.0 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Communications Cloud Native Core Policy Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791658.1 P-14277V-1.5.0 Vulnerability in the Oracle Retail Back Office product of Oracle Retail Applications (component: Pricing (Spring Framework)). The supported version that is affected is 14.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Back Office. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-2013V-14.1 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Retail Back Office Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-2013V-14.1 Vulnerability in the Oracle Retail Central Office product of Oracle Retail Applications (component: Transaction Tracker (Spring Framework)). The supported version that is affected is 14.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Central Office. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-2016V-14.1 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Retail Central Office Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-2016V-14.1 Vulnerability in the Oracle Retail Point-of-Service product of Oracle Retail Applications (component: Queue Management (Spring Framework)). The supported version that is affected is 14.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Point-of-Service. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-2017V-14.1 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Retail Point-of-Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-2017V-14.1 Vulnerability in the Oracle Retail Returns Management product of Oracle Retail Applications (component: Main Dashboard (Spring Framework)). The supported version that is affected is 14.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Returns Management. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-2020V-14.1 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Retail Returns Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-2020V-14.1 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Financial Planning (Spring Integration)). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5413 P-9110V-12.0.0 P-9110V-12.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H FLEXCUBE Private Banking Oracle customers with valid support contracts https://support.oracle.com P-9110V-12.0.0 P-9110V-12.1.0 Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Spring Framework)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5421 P-9464V-12.2.1.3.0 P-9464V-12.2.1.4.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Enterprise Data Quality Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-9464V-12.2.1.3.0 P-9464V-12.2.1.4.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions (Spring Framework)). Supported versions that are affected are 16.0-19.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5421 P-13388V-16.0-19.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Retail Customer Management and Segmentation Foundation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-13388V-16.0-19.0 Vulnerability in the Oracle Retail Customer Engagement product of Oracle Retail Applications (component: Internal Operations (Spring Framework)). Supported versions that are affected are 16.0-19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Engagement. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Engagement, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Customer Engagement accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Engagement accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N). Security patch has been released CVE-2020-5421 P-11518V-16.0-19.0 6.5 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N Retail Customer Management and Segmentation Foundation Cloud Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-11518V-16.0-19.0 Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (Spring Framework)). The supported version that is affected is 16.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in takeover of Oracle Retail Merchandising System. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5421 P-1816V-16.0.3 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Retail Merchandising System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-1816V-16.0.3 Vulnerability in the StorageTek Tape Analytics SW Tool product of Oracle Systems (component: Software (Spring Framework)). The supported version that is affected is 2.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise StorageTek Tape Analytics SW Tool. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in StorageTek Tape Analytics SW Tool, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all StorageTek Tape Analytics SW Tool accessible data as well as unauthorized read access to a subset of StorageTek Tape Analytics SW Tool accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N). Security patch has been released CVE-2020-5421 P-10085V-2.3 6.5 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N Tape General STA - StorageTek Tape Analytics SW Tool Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10085V-2.3 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Balance Monitoring Manager (Kibana)). The supported version that is affected is 12.0.0.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Billing and Revenue Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L). Security patch has been released CVE-2020-7017 P-2136V-12.0.0.3.0 6.7 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L Communications Billing and Revenue Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-2136V-12.0.0.3.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Kibana)). The supported version that is affected is 8.58. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L). Security patch has been released CVE-2020-7017 P-5085V-8.58 6.7 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.58 Vulnerability in the Oracle Financial Services Regulatory Reporting with AgileREPORTER product of Oracle Financial Services Applications (component: Reports (Apache ZooKeeper)). The supported version that is affected is 8.0.9.6.3. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting with AgileREPORTER. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Regulatory Reporting with AgileREPORTER. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-7712 P-13077V-8.0.9.6.3 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Financial Services Regulatory Reporting with AgileREPORTER Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791194.1 P-13077V-8.0.9.6.3 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Signaling (Kibana)). The supported version that is affected is 1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-7733 P-14125V-1.7.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Communications Cloud Native Core Network Function Cloud Native Environment Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2791656.1 P-14125V-1.7.0 Vulnerability in the Enterprise Manager Express User Interface (CodeMirror) component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via HTTP to compromise Enterprise Manager Express User Interface (CodeMirror). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Express User Interface (CodeMirror). CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2020-7760 P-5V-19c 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-19c Vulnerability in the Essbase product of Oracle Essbase (component: Infrastructure (CodeMirror)). The supported version that is affected is 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Essbase. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2020-7760 P-4379V-21.2 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Hyperion Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4379V-21.2 Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: DashBoard (Lodash)). Supported versions that are affected are 14.2, 14.3 and 14.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Liquidity Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H). Security patch has been released CVE-2020-8203 P-13304V-14.2 P-13304V-14.3 P-13304V-14.5 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Banking Liquidity Management Oracle customers with valid support contracts https://support.oracle.com P-13304V-14.2 P-13304V-14.3 P-13304V-14.5 Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Big Data Graph (Lodash)). This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-8203 P-11528V-All Supported Versions 0.0 Big Data Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-11528V-All Supported Versions Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care (Lodash)). Supported versions that are affected are 7.5.0.23.0 and 12.0.0.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H). Security patch has been released CVE-2020-8203 P-2136V-7.5.0.23.0 P-2136V-12.0.0.3.0 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Communications Billing and Revenue Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-2136V-7.5.0.23.0 P-2136V-12.0.0.3.0 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Lodash)). Supported versions that are affected are 17.12.0-17.12.11, 18.8.0-18.8.11, 19.12.0-19.12.10 and 20.12.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 7.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H). Security patch has been released CVE-2020-8203 P-10605V-17.12.0-17.12.11 P-10605V-18.8.0-18.8.11 P-10605V-19.12.0-19.12.10 P-10605V-20.12.0 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Primavera Gateway Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783281.1 P-10605V-17.12.0-17.12.11 P-10605V-18.8.0-18.8.11 P-10605V-19.12.0-19.12.10 P-10605V-20.12.0 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Node.js)). Supported versions that are affected are 16.0.6, 17.0.4, 18.0.3, 19.0.2 and 20.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-8277 P-11513V-16.0.6 P-11513V-17.0.4 P-11513V-18.0.3 P-11513V-19.0.2 P-11513V-20.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-11513V-16.0.6 P-11513V-17.0.4 P-11513V-18.0.3 P-11513V-19.0.2 P-11513V-20.0.1 Vulnerability in the Essbase product of Oracle Essbase (component: Infrastructure (cURL)). The supported version that is affected is 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Essbase. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-8285 P-4379V-21.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Hyperion Essbase Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4379V-21.2 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Balances (cURL)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-8286 P-2136V-12.0.0.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Communications Billing and Revenue Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-2136V-12.0.0.3.0 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Install, config, upgrade (Guava)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Data Integrator executes to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Data Integrator accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-8908 P-2196V-12.2.1.3.0 P-2196V-12.2.1.4.0 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Data Integrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2196V-12.2.1.3.0 P-2196V-12.2.1.4.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Google Guava)). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-8908 P-5085V-8.57 P-5085V-8.58 P-5085V-8.59 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.57 P-5085V-8.58 P-5085V-8.59 Security-in-Depth issue in the Oracle Spatial and Graph MapViewer (Google Guava) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2020-8908 P-619V-All Supported Versions 0.0 Spatial and Graph Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-619V-All Supported Versions Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: Managing Messages (Apache Tomcat)). The supported version that is affected is 10.0.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Instant Messaging Server executes to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Instant Messaging Server. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9484 P-8495V-10.0.1.4.0 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Communications Instant Messaging Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2786444.1 P-8495V-10.0.1.4.0 Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Experience Manage (jackson-databind)). The supported version that is affected is 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Guided Search / Oracle Commerce Experience Manager. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-20190 P-9633V-11.3.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Commerce Guided Search / Oracle Commerce Experience Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9633V-11.3.2 Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (SQLite)). Supported versions that are affected are 6.0.1.0 and 12.0.1.0-12.0.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Network Charging and Control executes to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-20227 P-4623V-6.0.1.0 P-4623V-12.0.1.0-12.0.4.0 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Communications Network Charging and Control Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2790722.1 P-4623V-6.0.1.0 P-4623V-12.0.1.0-12.0.4.0 Vulnerability in the Oracle Communications Design Studio product of Oracle Communications Applications (component: Modeling (Netty)). The supported version that is affected is 7.4.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Design Studio executes to compromise Oracle Communications Design Studio. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Design Studio accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-21290 P-2283V-7.4.2 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Communications Design Studio Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2789906.1 P-2283V-7.4.2 Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: Spa and Leisure (Netty)). Supported versions that are affected are 8.13 and 8.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-21290 P-12614V-8.13 P-12614V-8.14 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N MICROS BellaVita Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785669.1 P-12614V-8.13 P-12614V-8.14 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Netty)). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-21290 P-5085V-8.57 P-5085V-8.58 P-5085V-8.59 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.57 P-5085V-8.58 P-5085V-8.59 Vulnerability in the Oracle BAM (Business Activity Monitoring) product of Oracle Fusion Middleware (component: General (XStream)). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BAM (Business Activity Monitoring). While the vulnerability is in Oracle BAM (Business Activity Monitoring), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle BAM (Business Activity Monitoring). CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-21345 P-1675V-11.1.1.9.0 P-1675V-12.2.1.3.0 P-1675V-12.2.1.4.0 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H BAM (Business Activity Monitoring) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1675V-11.1.1.9.0 P-1675V-12.2.1.3.0 P-1675V-12.2.1.4.0 Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (XStream)). Supported versions that are affected are 2.10.0 and 2.12.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Enterprise Default Management. While the vulnerability is in Oracle Banking Enterprise Default Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Banking Enterprise Default Management. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-21345 P-13390V-2.10.0 P-13390V-2.12.0 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Banking Enterprise Default Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787695.1 P-13390V-2.10.0 P-13390V-2.12.0 Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Collections (XStream)). Supported versions that are affected are 2.4.0, 2.7.1, 2.9.0 and 2.12.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Platform. While the vulnerability is in Oracle Banking Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Banking Platform. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-21345 P-9178V-2.4.0 P-9178V-2.7.1 P-9178V-2.9.0 P-9178V-2.12.0 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Banking Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787695.1 P-9178V-2.4.0 P-9178V-2.7.1 P-9178V-2.9.0 P-9178V-2.12.0 Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: CN ECE (XStream)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications BRM - Elastic Charging Engine. While the vulnerability is in Oracle Communications BRM - Elastic Charging Engine, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-21345 P-9742V-12.0.0.3.0 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Communications BRM - Elastic Charging Engine Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-9742V-12.0.0.3.0 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Drools Ruleset (XStream)). Supported versions that are affected are 7.3.2, 7.3.4, 7.3.5, 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. While the vulnerability is in Oracle Communications Unified Inventory Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-21345 P-4516V-7.3.2 P-4516V-7.3.4 P-4516V-7.3.5 P-4516V-7.4.0 P-4516V-7.4.1 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785180.1 P-4516V-7.3.2 P-4516V-7.3.4 P-4516V-7.3.5 P-4516V-7.4.0 P-4516V-7.4.1 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (XStream)). Supported versions that are affected are 16.0.6, 17.0.4, 18.0.3 and 19.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. While the vulnerability is in Oracle Retail Xstore Point of Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-21345 P-11513V-16.0.6 P-11513V-17.0.4 P-11513V-18.0.3 P-11513V-19.0.2 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Retail Xstore Point of Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-11513V-16.0.6 P-11513V-17.0.4 P-11513V-18.0.3 P-11513V-19.0.2 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (XStream)). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-21345 P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 P-1696V-12.2.1.4.0 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H WebCenter Portal Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 P-1696V-12.2.1.4.0 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Netty)). Supported versions that are affected are 17.12.0-17.12.11, 18.8.0-18.8.11 and 19.12.0-19.12.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Gateway accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2021-21409 P-10605V-17.12.0-17.12.11 P-10605V-18.8.0-18.8.11 P-10605V-19.12.0-19.12.10 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Primavera Gateway Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783281.1 P-10605V-17.12.0-17.12.11 P-10605V-18.8.0-18.8.11 P-10605V-19.12.0-19.12.10 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: REST API (Spring Security)). The supported version that is affected is 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-22112 P-4516V-7.4.1 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Communications Unified Inventory Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785180.1 P-4516V-7.4.1 Vulnerability in the Oracle Insurance Policy Administration product of Oracle Insurance Applications (component: Architecture (Spring Security)). Supported versions that are affected are 11.2.0 and 11.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Policy Administration. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-22112 P-5279V-11.2.0 P-5279V-11.3.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Insurance Policy Administration J2EE Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2784893.1 P-5279V-11.2.0 P-5279V-11.3.0 Vulnerability in the Oracle Retail Financial Integration product of Oracle Retail Applications (component: PeopleSoft Integration Bugs (Spring Framework)). Supported versions that are affected are 16.0.3.0, 15.0.3.1 and 14.1.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Financial Integration executes to compromise Oracle Retail Financial Integration. Successful attacks of this vulnerability can result in takeover of Oracle Retail Financial Integration. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-22118 P-10722V-16.0.3.0 P-10722V-15.0.3.1 P-10722V-14.1.3.2 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Retail Financial Integration Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-10722V-16.0.3.0 P-10722V-15.0.3.1 P-10722V-14.1.3.2 Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Spring Framework)). Supported versions that are affected are 16.0.3.0, 15.0.3.1 and 14.1.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Integration Bus executes to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in takeover of Oracle Retail Integration Bus. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-22118 P-1807V-16.0.3.0 P-1807V-15.0.3.1 P-1807V-14.1.3.2 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Retail Integration Bus Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-1807V-16.0.3.0 P-1807V-15.0.3.1 P-1807V-14.1.3.2 Vulnerability in the Oracle Retail Order Broker product of Oracle Retail Applications (component: System Administration (Spring Framework)). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Order Broker executes to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Order Broker. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-22118 P-11520V-16.0 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Retail Order Broker Cloud Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-11520V-16.0 Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). The supported version that is affected is 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic Provider Services. While the vulnerability is in Essbase Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Essbase Analytic Provider Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-2244 P-4349V-21.2 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Hyperion Analytic Provider Services Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4349V-21.2 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module (Node.js)). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-22884 P-8479V-8.0.25 and prior 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MySQL Cluster Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8479V-8.0.25 and prior Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Node.js)). Supported versions that are affected are 8.58 and 8.59. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-22884 P-5085V-8.58 P-5085V-8.59 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.58 P-5085V-8.59 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-22901 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Flex-Branch). Supported versions that are affected are 12.3, 12.4, 14.0-14.4 and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-2323 P-9052V-12.3 P-9052V-12.4 P-9052V-14.0-14.4 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N FLEXCUBE Universal Banking Oracle customers with valid support contracts https://support.oracle.com P-9052V-12.3 P-9052V-12.4 P-9052V-14.0-14.4 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Loans And Deposits). Supported versions that are affected are 12.0-12.4, 14.0-14.4 and . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). Security patch has been released CVE-2021-2324 P-9052V-12.0-12.4 P-9052V-14.0-14.4 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N FLEXCUBE Universal Banking Oracle customers with valid support contracts https://support.oracle.com P-9052V-12.0-12.4 P-9052V-14.0-14.4 Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2326 P-5V-12.2.0.1 P-5V-19c 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-12.2.0.1 P-5V-19c Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2328 P-211V-12.1.0.2 P-211V-12.2.0.1 P-211V-19c 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Text Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-211V-12.1.0.2 P-211V-12.2.0.1 P-211V-19c Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2329 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2021-2330 P-5V-19c 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-19c Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-2333 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c Security-in-Depth issue in the RDBMS (Python) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. Security patch has been released CVE-2021-23336 P-5V-All Supported Versions 0.0 Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-All Supported Versions Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N). Security patch has been released CVE-2021-2334 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c 3.5 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N). Security patch has been released CVE-2021-2335 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c 3.5 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. CVSS 3.1 Base Score 3.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N). Security patch has been released CVE-2021-2336 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c 3.5 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2337 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Email Marketing Stand-Alone). Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel Apps - Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Apps - Marketing accessible data as well as unauthorized read access to a subset of Siebel Apps - Marketing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-2338 P-8974V-21.5 and Prior 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Siebel Apps - Marketing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787995.1 P-8974V-21.5 and Prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2339 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2021-2340 P-8478V-8.0.25 and prior 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2341 P-856V-Java SE:7u301 P-856V-Java SE:8u291 P-856V-Java SE:11.0.11 P-856V-Java SE:16.0.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.2 P-13497V-Oracle GraalVM Enterprise Edition:21.1.0 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Java SE JDK and JRE Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787003.1 P-856V-Java SE:7u301 P-856V-Java SE:8u291 P-856V-Java SE:11.0.11 P-856V-Java SE:16.0.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.2 P-13497V-Oracle GraalVM Enterprise Edition:21.1.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2342 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2343 P-174V-12.1.3 P-174V-12.2.3-12.2.10 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Workflow Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-174V-12.1.3 P-174V-12.2.3-12.2.10 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2344 P-2545V-3.7.1.0 P-2545V-12.1.3.0.0 P-2545V-12.2.1.3.0 P-2545V-12.2.1.4.0 P-2545V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Coherence Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2545V-3.7.1.0 P-2545V-12.1.3.0.0 P-2545V-12.2.1.3.0 P-2545V-12.2.1.4.0 P-2545V-14.1.1.0.0 Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search / Oracle Commerce Experience Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-2345 P-9633V-11.3.1.5 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Commerce Guided Search / Oracle Commerce Experience Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9633V-11.3.1.5 Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search / Oracle Commerce Experience Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-2346 P-9633V-11.3.1.5 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Commerce Guided Search / Oracle Commerce Experience Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9633V-11.3.1.5 Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data as well as unauthorized update, insert or delete access to some of Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N). Security patch has been released CVE-2021-2347 P-4392V-11.2.5.0 5.2 AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N Hyperion Infrastructure Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4392V-11.2.5.0 Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2348 P-9633V-11.3.1.5 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Commerce Guided Search / Oracle Commerce Experience Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9633V-11.3.1.5 Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. While the vulnerability is in Hyperion Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2021-2349 P-4380V-11.1.2.4 P-4380V-21.2 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Hyperion Essbase Administration Services Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4380V-11.1.2.4 P-4380V-21.2 Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-2350 P-4380V-11.1.2.4 P-4380V-21.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Hyperion Essbase Administration Services Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4380V-11.1.2.4 P-4380V-21.2 Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: “Changes in Native Network Encryption with the July 2021 Critical Patch Update” (<a href="https://support.oracle.com/rs?type=doc&id=2791571.1">Doc ID 2791571.1</a>). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-2351 P-219V-12.1.0.2 P-219V-12.2.0.1 P-219V-19c 8.3 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Advanced Networking Option Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-219V-12.1.0.2 P-219V-12.2.0.1 P-219V-19c Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2352 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Loging). Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Siebel Core - Server Framework executes to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Server Framework accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-2353 P-9001V-21.5 and Prior 4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Siebel Core - Server Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787995.1 P-9001V-21.5 and Prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2354 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2355 P-229V-12.1.1-12.1.3 P-229V-12.2.3-12.2.10 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Marketing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-229V-12.1.1-12.1.3 P-229V-12.2.3-12.2.10 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2021-2356 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior 5.9 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2357 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-2358 P-5565V-11.1.2.3.0 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Access Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5565V-11.1.2.3.0 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2021-2359 P-229V-12.1.1-12.1.3 P-229V-12.2.3-12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N Marketing Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-229V-12.1.1-12.1.3 P-229V-12.2.3-12.2.10 Vulnerability in the Oracle Approvals Management product of Oracle E-Business Suite (component: AME Page rendering). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Approvals Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Approvals Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Approvals Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2360 P-1168V-12.1.1-12.1.3 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Approvals Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-1168V-12.1.1-12.1.3 Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: SDK client integration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Inbound Telephony accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Inbound Telephony accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2361 P-265V-12.1.1-12.1.3 P-265V-12.2.3-12.2.10 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Advanced Inbound Telephony Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-265V-12.1.1-12.1.3 P-265V-12.2.3-12.2.10 Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Field Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Field Service accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2362 P-747V-12.1.1-12.1.3 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Field Service Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-747V-12.1.1-12.1.3 Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Public Sector Financials (International). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Public Sector Financials (International) accessible data as well as unauthorized access to critical data or complete access to all Oracle Public Sector Financials (International) accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2363 P-26V-12.1.1-12.1.3 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Public Sector Financials (International) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-26V-12.1.1-12.1.3 Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle iSupplier Portal accessible data as well as unauthorized access to critical data or complete access to all Oracle iSupplier Portal accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2364 P-208V-12.1.1-12.1.3 P-208V-12.2.3-12.2.10 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N iSupplier Portal Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-208V-12.1.1-12.1.3 P-208V-12.2.3-12.2.10 Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: People Management). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2365 P-507V-12.1.1-12.1.3 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Human Resources Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-507V-12.1.1-12.1.3 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.12.0-17.12.20, 18.8.0-18.8.23, 19.12.0-19.12.14 and 20.12.0-20.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-2366 P-5579V-17.12.0-17.12.20 P-5579V-18.8.0-18.8.23 P-5579V-19.12.0-19.12.14 P-5579V-20.12.0-20.12.3 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Primavera P6 Enterprise Project Portfolio Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783281.1 P-5579V-17.12.0-17.12.20 P-5579V-18.8.0-18.8.23 P-5579V-19.12.0-19.12.14 P-5579V-20.12.0-20.12.3 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2367 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure). Supported versions that are affected are 21.5 and Prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-2368 P-9001V-21.5 and Prior 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Siebel Core - Server Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787995.1 P-9001V-21.5 and Prior Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Security patch has been released CVE-2021-2369 P-856V-Java SE:7u301 P-856V-Java SE:8u291 P-856V-Java SE:11.0.11 P-856V-Java SE:16.0.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.2 P-13497V-Oracle GraalVM Enterprise Edition:21.1.0 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Java SE JDK and JRE Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787003.1 P-856V-Java SE:7u301 P-856V-Java SE:8u291 P-856V-Java SE:11.0.11 P-856V-Java SE:16.0.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.2 P-13497V-Oracle GraalVM Enterprise Edition:21.1.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2370 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2371 P-2545V-3.7.1.0 P-2545V-12.1.3.0.0 P-2545V-12.2.1.3.0 P-2545V-12.2.1.4.0 P-2545V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Coherence Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2545V-3.7.1.0 P-2545V-12.1.3.0.0 P-2545V-12.2.1.3.0 P-2545V-12.2.1.4.0 P-2545V-14.1.1.0.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2372 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior 4.4 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.5.3 and Prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-2373 P-4781V-9.2.5.3 and Prior 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787996.1 P-4781V-9.2.5.3 and Prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-2374 P-8478V-8.0.25 and prior 4.1 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-2375 P-4781V-9.2.5.3 and prior 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N JD Edwards EnterpriseOne Tools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787996.1 P-4781V-9.2.5.3 and prior Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2376 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2377 P-5085V-8.57 P-5085V-8.58 P-5085V-8.59 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.57 P-5085V-8.58 P-5085V-8.59 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2378 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2021-2380 P-1472V-12.1.3 P-1472V-12.2.3-12.2.10 7.6 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N Applications Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-1472V-12.1.3 P-1472V-12.2.3-12.2.10 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). Security patch has been released CVE-2021-2381 P-10006V-11 3.9 AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L Solaris Operating System Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10006V-11 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2382 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2383 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2384 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2021-2385 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior 5.0 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.0-20.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2386 P-5579V-20.12.0-20.12.3 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Primavera P6 Enterprise Project Portfolio Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783281.1 P-5579V-20.12.0-20.12.3 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2387 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2388 P-856V-Java SE:8u291 P-856V-Java SE:11.0.11 P-856V-Java SE:16.0.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.2 P-13497V-Oracle GraalVM Enterprise Edition:21.1.0 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Java SE JDK and JRE Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787003.1 P-856V-Java SE:8u291 P-856V-Java SE:11.0.11 P-856V-Java SE:16.0.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.2 P-13497V-Oracle GraalVM Enterprise Edition:21.1.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2389 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2390 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-5.7.34 and prior P-8478V-8.0.25 and prior Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2391 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H BI Publisher (formerly XML Publisher) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2392 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H BI Publisher (formerly XML Publisher) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the Oracle E-Records product of Oracle E-Business Suite (component: E-signatures). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Records. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Records accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Records accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2393 P-1325V-12.1.1-12.1.3 P-1325V-12.2.3-12.2.10 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N E-Records Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-1325V-12.1.1-12.1.3 P-1325V-12.2.3-12.2.10 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2394 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: iCare, Configuration). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2395 P-11599V-9.1.0 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Hospitality Reporting and Analytics Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2780088.1 P-11599V-9.1.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2396 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H BI Publisher (formerly XML Publisher) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2397 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Outbound Telephony accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2398 P-785V-12.1.1-12.1.3 P-785V-12.2.3-12.2.10 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Advanced Outbound Telephony Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-785V-12.1.1-12.1.3 P-785V-12.2.3-12.2.10 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2399 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-2400 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N BI Publisher (formerly XML Publisher) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2401 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N BI Publisher (formerly XML Publisher) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2402 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2403 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WebLogic Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway product of Oracle PeopleSoft (component: e-mail notification). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Candidate Gateway. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Candidate Gateway accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Candidate Gateway accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2021-2404 P-5043V-9.2 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N PeopleSoft Enterprise HCM Candidate Gateway Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5043V-9.2 Vulnerability in the Oracle Engineering product of Oracle E-Business Suite (component: Change Management). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Engineering. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Engineering accessible data as well as unauthorized access to critical data or complete access to all Oracle Engineering accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2405 P-532V-12.2.3-12.2.10 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Engineering Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-532V-12.2.3-12.2.10 Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Collaborative Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Collaborative Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Collaborative Planning accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2406 P-1037V-12.1.1-12.1.3 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Collaborative Planning Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-1037V-12.1.1-12.1.3 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2407 P-5085V-8.57 P-5085V-8.58 P-5085V-8.59 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.57 P-5085V-8.58 P-5085V-8.59 Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). The supported version that is affected is 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-2408 P-5085V-8.59 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.59 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-2409 P-8370V-Prior to 6.1.24 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788251.1 P-8370V-Prior to 6.1.24 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2410 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2021-2411 P-8479V-8.0.25 and prior 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L MySQL Cluster Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8479V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2412 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.21 and prior Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Folders, Files & Attachments (Apache Tomcat)). Supported versions that are affected are 9.3.3 and 9.3.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-24122 P-4461V-9.3.3 P-4461V-9.3.6 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Agile PLM Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787997.1 P-4461V-9.3.3 P-4461V-9.3.6 Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and Labor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Time and Labor accessible data as well as unauthorized access to critical data or complete access to all Oracle Time and Labor accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2415 P-311V-12.1.1-12.1.3 P-311V-12.2.3-12.2.10 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Time and Labor Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-311V-12.1.1-12.1.3 P-311V-12.2.3-12.2.10 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2021-2417 P-8478V-8.0.25 and prior 6.0 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2418 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2419 P-2276V-8.5.5 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2420 P-2276V-8.5.5 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-2421 P-5183V-9.0 P-5183V-9.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N PeopleSoft Enterprise CS Campus Community Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5183V-9.0 P-5183V-9.2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2422 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2423 P-2276V-8.5.5 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2424 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2425 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2426 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2427 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2428 P-2545V-12.1.3.0.0 P-2545V-12.2.1.3.0 P-2545V-12.2.1.4.0 P-2545V-14.1.1.0.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Coherence Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2545V-12.1.3.0.0 P-2545V-12.2.1.3.0 P-2545V-12.2.1.4.0 P-2545V-14.1.1.0.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2429 P-8478V-8.0.25 and prior 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2430 P-2276V-8.5.5 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2431 P-2276V-8.5.5 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2021-2432 P-856V-Java SE:7u301 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Java SE JDK and JRE Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787003.1 P-856V-Java SE:7u301 Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: Web Services). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic Provider Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase Analytic Provider Services. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2433 P-4349V-11.1.2.4 P-4349V-21.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Hyperion Analytic Provider Services Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4349V-11.1.2.4 P-4349V-21.2 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2434 P-1171V-12.1.3 P-1171V-12.2.3-12.2.10 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Web Applications Desktop Integrator Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-1171V-12.1.3 P-1171V-12.2.3-12.2.10 Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Essbase Analytic Provider Services accessible data as well as unauthorized access to critical data or complete access to all Essbase Analytic Provider Services accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2435 P-4349V-11.1.2.4 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Hyperion Analytic Provider Services Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4349V-11.1.2.4 Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2021-2436 P-1198V-12.1.1-12.1.3 P-1198V-12.2.3-12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N Common Applications Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2770321.1 P-1198V-12.1.1-12.1.3 P-1198V-12.2.3-12.2.10 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2437 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2021-2438 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Database - Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-19c Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). Supported versions that are affected are 11.1.2.4 and 11.2.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2439 P-4361V-11.1.2.4 P-4361V-11.2.5.0 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Hyperion BI+ Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4361V-11.1.2.4 P-4361V-11.2.5.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2440 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2441 P-8478V-8.0.25 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.25 and prior Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). Security patch has been released CVE-2021-2442 P-8370V-Prior to 6.1.24 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788251.1 P-8370V-Prior to 6.1.24 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Solaris x86 and Linux systems only. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H). Security patch has been released CVE-2021-2443 P-8370V-Prior to 6.1.24 7.3 AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788251.1 P-8370V-Prior to 6.1.24 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2444 P-8478V-8.0.23 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H MySQL Server Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8478V-8.0.23 and prior Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Infrastructure Technology accessible data as well as unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2445 P-4392V-11.2.5.0 5.7 AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Hyperion Infrastructure Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-4392V-11.2.5.0 Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-2446 P-8539V-5.6 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Secure Global Desktop Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788251.1 P-8539V-5.6 Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-2447 P-8539V-5.6 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Secure Global Desktop Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788251.1 P-8539V-5.6 Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Financial Services Crime and Compliance Investigation Hub executes to compromise Oracle Financial Services Crime and Compliance Investigation Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Investigation Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Investigation Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Investigation Hub accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-2448 P-13964V-20.1.2 3.7 AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N Financial Services Crime and Compliance Investigation Hub Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792414.1 P-13964V-20.1.2 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2449 P-2276V-8.5.5 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2450 P-2276V-8.5.5 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2451 P-2276V-8.5.5 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2452 P-2276V-8.5.5 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-2453 P-2276V-8.5.5 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2454 P-8370V-Prior to 6.1.24 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H VM VirtualBox Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788251.1 P-8370V-Prior to 6.1.24 Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-2455 P-8943V-9.2 6.5 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N PeopleSoft Enterprise HCM Shared Components Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-8943V-9.2 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2456 P-2025V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Business Intelligence Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2025V-12.2.1.4.0 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2021-2457 P-1980V-11.1.2.3.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Identity Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1980V-11.1.2.3.0 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data as well as unauthorized update, insert or delete access to some of Identity Manager accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2021-2458 P-1980V-11.1.2.2.0 P-1980V-11.1.2.3.0 P-1980V-12.2.1.3.0 P-1980V-12.2.1.4.0 7.6 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N Identity Manager Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1980V-11.1.2.2.0 P-1980V-11.1.2.3.0 P-1980V-12.2.1.3.0 P-1980V-12.2.1.4.0 Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-2460 P-1348V-Prior to 21.1.0.00.04 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Application Express (APEX) Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-1348V-Prior to 21.1.0.00.04 Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Service Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Service Center accessible data as well as unauthorized read access to a subset of Oracle Commerce Service Center accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2021-2462 P-9351V-11.0.0 P-9351V-11.1.0 P-9351V-11.2.0 P-9351V-11.3.0-11.3.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Commerce Service Center Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9351V-11.0.0 P-9351V-11.1.0 P-9351V-11.2.0 P-9351V-11.3.0-11.3.2 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-2463 P-9348V-11.0.0 P-9348V-11.1.0 P-9348V-11.2.0 P-9348V-11.3.0-11.3.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Commerce Platform Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9348V-11.0.0 P-9348V-11.1.0 P-9348V-11.2.0 P-9348V-11.3.0-11.3.2 Vulnerability in the Instantis EnterpriseTrack product of Oracle Construction and Engineering (component: HTTP Server (Apache Tomcat)). Supported versions that are affected are 17.1, 17.2 and 17.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Instantis EnterpriseTrack. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Instantis EnterpriseTrack accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-25122 P-10563V-17.1 P-10563V-17.2 P-10563V-17.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Instantis EnterpriseTrack Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783281.1 P-10563V-17.1 P-10563V-17.2 P-10563V-17.3 Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Apache Tomcat)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-25122 P-10198V-12.2.1.3.0 P-10198V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Managed File Transfer Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-10198V-12.2.1.3.0 P-10198V-12.2.1.4.0 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS/2 to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2021-25122 P-8480V-8.0.23 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N MySQL Enterprise Monitor Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8480V-8.0.23 and prior Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Financial Planning (Apache ActiveMQ)). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-26117 P-9110V-12.0.0 P-9110V-12.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H FLEXCUBE Private Banking Oracle customers with valid support contracts https://support.oracle.com P-9110V-12.0.0 P-9110V-12.1.0 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (CKEditor)). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-26272 P-4461V-9.3.5 P-4461V-9.3.6 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Agile PLM Framework Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787997.1 P-4461V-9.3.5 P-4461V-9.3.6 Vulnerability in the Oracle Commerce Merchandising product of Oracle Commerce (component: Experience Manager, Business Control Center (CKEditor)). Supported versions that are affected are 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Merchandising. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Merchandising. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-26272 P-9349V-11.1.0 P-9349V-11.2.0 P-9349V-11.3.0-11.3.2 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Commerce Merchandising Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2792990.1 P-9349V-11.1.0 P-9349V-11.2.0 P-9349V-11.3.0-11.3.2 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: REST Services (netplex json-smart-v1)). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). Security patch has been released CVE-2021-27568 P-5085V-8.58 P-5085V-8.59 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.58 P-5085V-8.59 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment (Apache PDFbox)). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N). Security patch has been released CVE-2021-27807 P-13388V-19.0 6.5 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N Retail Customer Management and Segmentation Foundation Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783353.1 P-13388V-19.0 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Clean Content SDK (Apache PDFBox)). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-27906 P-2276V-8.5.5 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Outside In Technology Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2773670.1 P-2276V-8.5.5 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core (Apache PDFbox)). Supported versions that are affected are 17.7-17.12, 18.8, 19.12 and 20.12. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Primavera Unifier executes to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2021-27906 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Primavera Unifier Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2783281.1 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 P-10354V-20.12 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Python interpreter and runtime (CPython)). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-29921 P-13497V-Oracle GraalVM Enterprise Edition:20.3.2 P-13497V-Oracle GraalVM Enterprise Edition:21.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H GraalVM Enterprise Edition Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787003.1 P-13497V-Oracle GraalVM Enterprise Edition:20.3.2 P-13497V-Oracle GraalVM Enterprise Edition:21.1.0 Vulnerability in the MICROS Compact Workstation 3 product of Oracle Food and Beverage Applications (component: Workstation 310 (Sudo)). The supported version that is affected is 310. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MICROS Compact Workstation 3 executes to compromise MICROS Compact Workstation 3. Successful attacks of this vulnerability can result in takeover of MICROS Compact Workstation 3. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-3156 P-13794V-310 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MICROS Compact Workstation 3 Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2758251.1 P-13794V-310 Vulnerability in the MICROS ES400 Series product of Oracle Food and Beverage Applications (component: Express Station 4 (Sudo)). Supported versions that are affected are 400-410. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MICROS ES400 Series executes to compromise MICROS ES400 Series. Successful attacks of this vulnerability can result in takeover of MICROS ES400 Series. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-3156 P-14212V-400-410 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MICROS ES400 Series Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2758251.1 P-14212V-400-410 Vulnerability in the MICROS Kitchen Display System Hardware product of Oracle Food and Beverage Applications (component: Kitchen Display System 210 (Sudo)). The supported version that is affected is 210. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MICROS Kitchen Display System Hardware executes to compromise MICROS Kitchen Display System Hardware. Successful attacks of this vulnerability can result in takeover of MICROS Kitchen Display System Hardware. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-3156 P-11641V-210 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MICROS Kitchen Display System Hardware Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2758251.1 P-11641V-210 Vulnerability in the MICROS Workstation 5A product of Oracle Food and Beverage Applications (component: Workstation 5A (Sudo)). The supported version that is affected is 5A. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MICROS Workstation 5A executes to compromise MICROS Workstation 5A. Successful attacks of this vulnerability can result in takeover of MICROS Workstation 5A. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-3156 P-11636V-5A 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MICROS Workstation 5A Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2758251.1 P-11636V-5A Vulnerability in the MICROS Workstation 6 product of Oracle Food and Beverage Applications (component: Workstation 6 (Sudo)). Supported versions that are affected are 610-655. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MICROS Workstation 6 executes to compromise MICROS Workstation 6. Successful attacks of this vulnerability can result in takeover of MICROS Workstation 6. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-3156 P-11628V-610-655 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H MICROS Workstation 6 Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2758251.1 P-11628V-610-655 Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: UDC CORE (Python)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Offline Mediation Controller. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-3177 P-2269V-12.0.0.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Communications Offline Mediation Controller Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785182.1 P-2269V-12.0.0.3.0 Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Operating System Image). The supported version that is affected is 8.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-3177 P-10026V-8.8 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Sun ZFS Storage Appliance Kit (AK) Software Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788472.1 P-10026V-8.8 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Accounts Receivable (libgcrypt)). The supported version that is affected is 12.0.0.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2021-3345 P-2136V-12.0.0.3.0 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Communications Billing and Revenue Management Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2785183.1 P-2136V-12.0.0.3.0 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-3450 P-8576V-8.0.23 and prior 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N MySQL Connectors Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8576V-8.0.23 and prior Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-3450 P-8576V-8.0.23 and prior 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N MySQL Connectors Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8576V-8.0.23 and prior Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-3450 P-8480V-8.0.23 and prior 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N MySQL Enterprise Monitor Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2787955.1 P-8480V-8.0.23 and prior Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.57 and 8.58. 8.59. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2021-3450 P-5085V-8.57 P-5085V-8.58. 8.59 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N PeopleSoft Enterprise PT PeopleTools Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&amp;id=2788006.1 P-5085V-8.57 P-5085V-8.58. 8.59