Oracle Critical Patch Update Advisory - October 2020 - Oracle CVRF Oracle Critical Patch Update Advisory CPUOct2020 Final 6 6 2020-12-08T13:50:00-07:00 Added a note for CVE-2020-14871. 2020-10-20T13:00:00-07:00 2020-12-08T13:50:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had security patches released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including security patch distribution information can be found at the Oracle sites referenced in this document. This document is published at: https://www.oracle.com/a/tech/docs/cpuoct2020cvrf.xml https://www.oracle.com/security-alerts/cpuoct2020.html URL to html version of Advisory 0rich1 Ant Security FG Lab Aaron Carreras FireEye Abdulrahman Ahmed Abdulrahman Ahmed Abdulrahman Nour Redforce Abhishek Morla Abhishek Morla Adam Willard Adam Willard Adam Willard Raytheon Foreground Security Adarsh VS Mannarakkal Ahmed Elhady Mohamed Ahmed Mohamed Ahmed Elmalky Ahmed Elmalky Ahmed Omer Morve Akshay Gaikwad Akshay Gaikwad Alessandro Bosco TIM S.p.A Alex Munene Alex Munene Alexander Kornbrust Red Database Security Alisha Sheikh Alisha Sheikh Alves Christopher of Telecom Nancy Ammarit Thongthua Secure D Center Cybersecurity Team Amy Tran Amy Tran Andrej Simko Accenture Anil Bhatt Anonymous researcher working with Trend Micro's Zero Day Initiative Syed Muhammad Asim Ayan Saha Ayan Saha Badal Sardhara Bindiya Sardhara Shubham Kalaria Bui Duong from Viettel Cyber Security Chi Tran Chi Tran Shivang Trivedi Anurag Kumar Rawat (A1C3VENOM) Damian Bury Damian Bury Danny Danny Darragh Duffy Darragh Duffy David Wilkins David Wilkins(au) Dhiraj Mishra Dhiraj Mishra Eddie Zhu of BEIJING DBSEC TECHNOLOGY CO., LTD Edoardo Predieri TIM S.p.A Fabio Minarelli TIM S.p.A Filip Ceglik Filip Ceglik Francesco Russo TIM S.p.A François Goichon Google Funny Tech Funny Tech Gaoning Pan of Zhejiang University & Ant Security Light-Year Lab Gaurav Kumar Gaurav Kumar Gourab Sadhukhan Gourab Sadhukhan Graham Rymer University Information Services, University of Cambridge Hangfan Zhang Hangfan Zhang Harsh Mukeshbhai Joshi Himanshu Phulwariya Himanshu Phulwariya Ioannis Charalambous NCC Group Ivo Palazzolo Daimler TSS Bui Dinh Bao aka 0xd0ff9 of Zalo Security Team (VNG Corp) Jacob Thompson FireEye Jakub Palaczynski Jakub Palaczynski Jakub Palaczynski Jakub Plusczok Jakub Plusczok Zouhair Janatil-Idrissi of Telecom Nancy Jeffrey Martin Rapid7 Joe Almeida Globlue Technologies Karthick Selvaraj Karthick Selvaraj Kartik Sharma Kartik Sharma Kaustubh Kale Kaustubh Kale Khuyen Nguyen secgit.com Kirtan Patel Kirtan Patel Kritsada Sunthornwutthikrai Secure D Center Cybersecurity Team Kunal Gambhir Kunal Gambhir Kylinking NSFocus Security Team Ria from iZOOlogic Larry W. Cashdollar Larry W. Cashdollar Le Xuan Tuyen - VNPT ISC working with Trend Micro Zero Day Initiative Long Nguyễn Hữu Vũ Long Nguyễn Hữu Vũ Longofo Knownsec 404 Team Luca Di Giuseppe TIM S.p.A Magrabur Alam Sofily Mansouri Badis Mansouri Badis Markus Loewe Markus Loewe Massimiliano Brolli TIM S.p.A Mateusz Dabrowski Mateusz Dabrowski Matthew Harlow EthicalHacker 20 Mayank Kumar Mayank Kumar Mayank Malik, Kartik Sharma Micah Van Deusen Micah Van Deusen Olivier Chatelain Olivier Chatelain Omkar Ghaisas Omkar Ghaisas Osman Ahmed Hassan Pankaj Kumar Thakur from Nepal Philippe Antoine of Telecom Nancy Piotr Madej ING Tech Poland Sai Prashanth Pulisetti Pratish Bhansali Pratish Bhansali Preeyakorn Keadsai Secure D Center Cybersecurity Team Quynh Le of VNPT ISC working with Trend Micro Zero Day Initiative Riccardo Donini Riccardo Donini Rick Verdoes & Danny de Weille of HackDefense Ryan awsmhacks Preston Robert Lee Dick Robert Lee Dick Roger Meyer Ronak Nahar Rudi Andriano Rudi Andriano Rui Zhong Rui Zhong Sameer Goyal Sameer Goyal Sergey Ostanin Sergey Ostanin Shahid Ahmed Shahid Ahmed Shahid Ahmed Shiva Gupta Shiva Hacker One Shubham Maheshwari Shubham Maheshwari Sidney Omondi of Salaam Technology Soumajit Mukherjee Soumajit Mukherjee Sparsh Gupta Sparsh Gupta Spyridon Chatzimichail of OTE Hellenic Telecommunications Organization S.A. Srikar V - exp1o1t9r Kryptos Logic - Threat Intelligence Platform Sumit Sah Sumit Sah Supun Madubashana Halangoda Suresh Nadar Suresh Nadar Swapnil Maurya - "swapmaurya20" Thai Nguyen ECQ Tomasz Stachowicz Tomasz Stachowicz thiscodecc Trung Le Trung Le Tuan Anh Nguyen of Viettel Cyber Security working with Trend Micro Zero Day Initiative Tuan Anh Nguyen Viettel Cyber Security Vaibhav Gaikwad Knock Security Solutions Ved Prabhu Ved Prabhu Venkata Sateesh Netti (str4n63r) Viktor Gazdag NCC Group Walid Faour Walid Faour Walid Hossain Walid Hossain Venustech ADLab Xingwei Lin Ant Security Light-Year Lab Xinlei Ying Ant Security Light-Year Lab Xu Yuanzhen of Alibaba Cloud Security Team Yaoguang Chen Ant Security Light-Year Lab Yassine Triki Yassine Triki Yatin Sharma Yatin Sharma Yi Ren Alibaba Yongheng Chen Yongheng Chen Yu Wang BMH Security Team Yuyue Wang Alibaba Julien Zhan of Telecom Nancy Zhiqiang Zang of University of Texas at Austin voidfyoo of Chaitin Security Research Lab codeplutos AntGroup FG Security Lab Ai Ho (j3ssiejjj) r00t4dm from A-TEAM of Legendsec at Qi'anxin Group Siva Pathela Marwan Albahar Big Data Spatial and Graph Version Prior to 2.4 Big Data Spatial and Graph Version Prior to 20.2 Big Data Spatial and Graph Version Prior to 3.0 Communications Services Gatekeeper Version 7 Communications Session Border Controller Version 8.2-8.4 Communications Session Border Controller Version 8.3 Communications Session Border Controller Version 8.4 Enterprise Session Border Controller Version 8.4 Communications EAGLE (Software) Version 46.6.0-46.8.2 Communications Application Session Controller Version 3.8m0 Communications Application Session Controller Version 3.9m0p1 Communications Session Report Manager Version 8.2.0-8.2.2 Communications Session Route Manager Version 8.2.0-8.2.2 Communications WebRTC Session Controller Version 7.2 Communications Diameter Signaling Router (DSR) Version 8.0.0.0-8.4.0.5 Communications Diameter Signaling Router (DSR) Version IDIH: 8.0.0-8.2.2 Communications Evolved Communications Application Server Version 7.1 Communications Element Manager Version 8.2.0-8.2.2 Communications Billing and Revenue Management Version 12.0.0.2.0 Communications Billing and Revenue Management Version 12.0.0.3.0 Communications Billing and Revenue Management Version 7.5.0.23.0 Communications Offline Mediation Controller Version 12.0.0.3.0 Communications Unified Inventory Management Version 7.3.0 Communications Unified Inventory Management Version 7.4.0 Communications Messaging Server Version 8.1 Communications BRM - Elastic Charging Engine Version 11.3.0.9.0 Communications BRM - Elastic Charging Engine Version 12.0.0.3.0 Primavera Unifier Version 16.1 Primavera Unifier Version 16.2 Primavera Unifier Version 17.7-17.12 Primavera Unifier Version 18.8 Primavera Unifier Version 19.12 Instantis EnterpriseTrack Version 17.1 Instantis EnterpriseTrack Version 17.2 Instantis EnterpriseTrack Version 17.3 Primavera Gateway Version 16.2.0-16.2.11 Primavera Gateway Version 17.12.0-17.12.8 Database - Enterprise Edition Version 11.2.0.4 Database - Enterprise Edition Version 12.1.0.2 Database - Enterprise Edition Version 12.2.0.1 Database - Enterprise Edition Version 18c Database - Enterprise Edition Version 19c Text Version 11.2.0.4 Text Version 12.1.0.2 Text Version 12.2.0.1 Text Version 18c Text Version 19c Spatial and Graph Version 11.2.0.4 Spatial and Graph Version 12.1.0.2 Spatial and Graph Version 12.2.0.1 Spatial and Graph Version 18c Spatial and Graph Version 19c Application Express (APEX) Version Prior to 20.2 SQL Developer Version 11.2.0.4 SQL Developer Version 12.1.0.2 SQL Developer Version 12.2.0.1 SQL Developer Version 18c Applications Manager Version 12.1.3 Applications Manager Version 12.2.3 - 12.2.10 Applications Manager Version 12.2.3 - 12.2.7 Marketing Version 12.1.1 - 12.1.3 Marketing Version 12.2.3 - 12.2.10 Application Object Library Version 12.1.3 Application Object Library Version 12.2.3 - 12.2.10 Trade Management Version 12.1.1 - 12.1.3 Trade Management Version 12.1.3 Trade Management Version 12.2.3 - 12.2.10 Universal Work Queue Version 12.1.3 Universal Work Queue Version 12.2.3 - 12.2.9 Installed Base Version 12.1.1 - 12.1.3 Installed Base Version 12.2.3 - 12.2.10 CRM Technical Foundation Version 12.1.1 - 12.1.3 CRM Technical Foundation Version 12.1.3 CRM Technical Foundation Version 12.2.3 - 12.2.10 One-to-One Fulfillment Version 12.1.1 - 12.1.3 One-to-One Fulfillment Version 12.1.3 Applications Framework Version 12.1.3 Applications Framework Version 12.2.3 - 12.2.10 E-Business Suite Secure Enterprise Search Version 12.1.3 E-Business Suite Secure Enterprise Search Version 12.2.3 - 12.2.10 Enterprise Manager Base Platform Version 13.2.1.0 Enterprise Manager Base Platform Version 13.3.0.0 Enterprise Manager Base Platform Version 13.4.0.0 Enterprise Manager for Peoplesoft Version 13.4.1.1 Application Testing Suite Version 13.3.0.1 APM - Application Performance Management Version 13.3.0.0 APM - Application Performance Management Version 13.4.0.0 Enterprise Manager Ops Center Version 12.4.0.0 Enterprise Manager for Storage Management Version 13.3.0.0 Enterprise Manager for Storage Management Version 13.4.0.0 Financial Services Profitability Management Version 8.0.6 Financial Services Profitability Management Version 8.0.7 Financial Services Profitability Management Version 8.1.0 Financial Services Funds Transfer Pricing Version 8.0.6 Financial Services Funds Transfer Pricing Version 8.0.7 Financial Services Funds Transfer Pricing Version 8.1.0 Financial Services Asset Liability Management Version 8.0.6 Financial Services Asset Liability Management Version 8.0.7 Financial Services Asset Liability Management Version 8.1.0 Financial Services Balance Sheet Planning Version 8.0.8 Financial Services Analytical Applications Infrastructure Version 8.0.6-8.1.0 Financial Services Analytical Applications Reconciliation Framework Version 8.0.6-8.0.8 Financial Services Analytical Applications Reconciliation Framework Version 8.1.0 Financial Services Price Creation and Discovery Version 8.0.6 Financial Services Price Creation and Discovery Version 8.0.7 FLEXCUBE Universal Banking Version 12.3.0 FLEXCUBE Universal Banking Version 14.0.0-14.4.0 Financial Services Liquidity Risk Management Version 8.0.6 FLEXCUBE Core Banking Version 11.5.0-11.7.0 FLEXCUBE Core Banking Version 5.2.0 FLEXCUBE Private Banking Version 12.0.0 FLEXCUBE Private Banking Version 12.1.0 FLEXCUBE Direct Banking Version 12.0.1 FLEXCUBE Direct Banking Version 12.0.2 FLEXCUBE Direct Banking Version 12.0.3 Banking Platform Version 2.4.0-2.10.0 Financial Services Data Foundation Version 8.0.6-8.1.0 Financial Services Hedge Management and IFRS Valuations Version 8.0.6-8.0.8 Financial Services Hedge Management and IFRS Valuations Version 8.1.0 Financial Services Basel Regulatory Capital Internal Ratings Based Approach Version 8.0.6-8.0.8 Financial Services Basel Regulatory Capital Internal Ratings Based Approach Version 8.1.0 Financial Services Loan Loss Forecasting and Provisioning Version 8.0.6-8.0.8 Financial Services Loan Loss Forecasting and Provisioning Version 8.1.0 Financial Services Basel Regulatory Capital Basic Version 8.0.6-8.0.8 Financial Services Basel Regulatory Capital Basic Version 8.1.0 Insurance Data Foundation Version 8.0.6-8.1.0 Financial Services Retail Customer Analytics Version 8.0.6 Financial Services Institutional Performance Analytics Version 8.0.6 Financial Services Institutional Performance Analytics Version 8.0.7 Financial Services Institutional Performance Analytics Version 8.1.0 Financial Services Institutional Performance Analytics Version 8.7.0 Financial Services Data Integration Hub Version 8.0.6 Financial Services Data Integration Hub Version 8.0.7 Financial Services Data Integration Hub Version 8.1.0 Financial Services Data Governance for US Regulatory Reporting Version 8.0.6-8.0.9 Banking Digital Experience Version 18.1 Banking Digital Experience Version 18.2 Banking Digital Experience Version 18.3 Banking Digital Experience Version 19.1 Banking Digital Experience Version 19.2 Banking Digital Experience Version 20.1 Banking Corporate Lending Version 12.3.0 Banking Corporate Lending Version 14.0.0-14.4.0 Banking Payments Version 14.1.0-14.4.0 Financial Services Regulatory Reporting with AgileREPORTER Version 8.0.9.2.0 Financial Services Regulatory Reporting for US Federal Reserve Version 8.0.6-8.0.9 Financial Services Market Risk Measurement and Management Version 8.0.6 Financial Services Market Risk Measurement and Management Version 8.0.8 Financial Services Market Risk Measurement and Management Version 8.1.0 Financial Services Regulatory Reporting for European Banking Authority Version 8.0.6-8.1.0 Financial Services Liquidity Risk Measurement and Management Version 8.0.7 Financial Services Liquidity Risk Measurement and Management Version 8.0.8 Financial Services Liquidity Risk Measurement and Management Version 8.1.0 Insurance Accounting Analyzer Version 8.0.9 Insurance Allocation Manager for Enterprise Profitability Version 8.0.8 Insurance Allocation Manager for Enterprise Profitability Version 8.1.0 Hospitality Simphony Version 18.1 Hospitality Simphony Version 18.2 Hospitality Simphony Version 19.1.0-19.1.2 Hospitality RES 3700 Version 5.7 Hospitality Reporting and Analytics Version 9.1.0 Hospitality Materials Control Version 18.1 JDeveloper Version 11.1.1.9.0 JDeveloper Version 12.2.1.3.0 JDeveloper Version 12.2.1.4.0 HTTP Server Version 12.2.1.3.0 HTTP Server Version 12.2.1.4.0 BI Publisher (formerly XML Publisher) Version 11.1.1.9.0 BI Publisher (formerly XML Publisher) Version 12.2.1.3.0 BI Publisher (formerly XML Publisher) Version 12.2.1.4.0 BI Publisher (formerly XML Publisher) Version 5.5.0.0.0 WebCenter Portal Version 11.1.1.9.0 WebCenter Portal Version 12.2.1.3.0 WebCenter Portal Version 12.2.1.4.0 Identity Manager Connector Version 9.0 Business Intelligence Enterprise Edition Version 11.1.1.9.0 Business Intelligence Enterprise Edition Version 12.2.1.3.0 Business Intelligence Enterprise Edition Version 12.2.1.4.0 Business Intelligence Enterprise Edition Version 5.5.0.0.0 Data Integrator Version 11.1.1.9.0 Data Integrator Version 12.2.1.3.0 Outside In Technology Version 8.5.4 Outside In Technology Version 8.5.5 WebLogic Server Version 10.3.6.0.0 WebLogic Server Version 12.1.3.0.0 WebLogic Server Version 12.2.1.3.0 WebLogic Server Version 12.2.1.4.0 WebLogic Server Version 14.1.1.0.0 Business Process Management Suite Version 12.2.1.3.0 Business Process Management Suite Version 12.2.1.4.0 Enterprise Repository Version 11.1.1.7.0 Access Manager Version 11.1.2.3.0 Management Pack for Oracle GoldenGate Version 12.2.1.2.0 GoldenGate Big Data and Application Adapters Version 12.3.2.1.0 GoldenGate Big Data and Application Adapters Version 19.1.0.0.0 Endeca Information Discovery Studio Version 3.2.0 Managed File Transfer Version 12.2.1.3.0 Managed File Transfer Version 12.2.1.4.0 Endeca Information Discovery Integrator Version 3.2.0 GraalVM Enterprise Edition Version 19.3.3 GraalVM Enterprise Edition Version 20.2.0 Healthcare Data Repository Version 7.0.1 Health Sciences Empirica Signal Version 9.0 Healthcare Foundation Version 7.1.1 Healthcare Foundation Version 7.2.0 Healthcare Foundation Version 7.2.1 Healthcare Foundation Version 7.3.0 Hospitality OPERA 5 Property Services Version 5.5 Hospitality OPERA 5 Property Services Version 5.6 Hospitality Guest Access Version 4.2.0 Hospitality Guest Access Version 4.2.1 Hospitality Suite8 Version 8.10.2 Hospitality Suite8 Version 8.11-8.14 Hyperion Analytic Provider Services Version 11.1.2.4 Hyperion BI+ Version 11.1.2.4 Hyperion Essbase Version 11.1.2.4 Hyperion Infrastructure Technology Version 11.1.2.4 Hyperion Planning Version 11.1.2.4 Hyperion Lifecycle Management Version 11.1.2.4 Insurance Policy Administration J2EE Version 10.2.0.37 Insurance Policy Administration J2EE Version 10.2.4.12 Insurance Policy Administration J2EE Version 11.0.2.25 Insurance Policy Administration J2EE Version 11.1.0.15 Insurance Policy Administration J2EE Version 11.2.0.26 Insurance Policy Administration J2EE Version 11.2.2.0 Insurance Rules Palette Version 10.2.0.37 Insurance Rules Palette Version 10.2.4.12 Insurance Rules Palette Version 11.0.2.25 Insurance Rules Palette Version 11.1.0.15 Insurance Rules Palette Version 11.2.0.26 Insurance Insbridge Rating and Underwriting Version 5.0.0.0 - 5.6.0.0 Insurance Insbridge Rating and Underwriting Version 5.6.1.0 Java SE JDK and JRE Version 11.0.8 Java SE JDK and JRE Version 15 Java SE JDK and JRE Version 15; Java SE Embedded: 8u261 Java SE JDK and JRE Version 8u261 Java SE JDK and JRE Version Java SE: 11.0.8 Java SE JDK and JRE Version Java SE: 7u271 MySQL Workbench Version 8.0.21 and prior MySQL Server Version 5.6.49 and prior MySQL Server Version 5.7.31 and prior MySQL Server Version 8.0.20 and prior MySQL Server Version 8.0.21 and prior MySQL Cluster Version 7.3.30 and prior MySQL Cluster Version 7.4.29 and prior MySQL Cluster Version 7.5.19 and prior MySQL Cluster Version 7.6.15 and prior MySQL Cluster Version 8.0.21 and prior MySQL Enterprise Monitor Version 8.0.21 and prior PeopleSoft Enterprise HCM Global Payroll Core Version 9.2 PeopleSoft Enterprise PT PeopleTools Version 8.56 PeopleSoft Enterprise PT PeopleTools Version 8.57 PeopleSoft Enterprise PT PeopleTools Version 8.58 PeopleSoft Enterprise SCM eSupplier Connection Version 9.2 Policy Automation Version 12.2.0 - 12.2.20 Policy Automation for Mobile Devices Version 12.2.0 - 12.2.20 Policy Automation Connector for Siebel Version 10.4.6 REST Data Services Version 11.2.0.4 REST Data Services Version 12.1.0.2 REST Data Services Version 12.2.0.1 REST Data Services Version 18c REST Data Services Version 19c REST Data Services Version 19c; Standalone ORDS: prior to 20.2.1 Retail Advanced Inventory Planning Version 14.1 Retail Assortment Planning Version 15.0.3.0 Retail Assortment Planning Version 16.0.3.0 Retail Integration Bus Version 14.1 Retail Integration Bus Version 15.0 Retail Integration Bus Version 16.0 Retail Predictive Application Server Version 14.1.3.0 Retail Predictive Application Server Version 15.0.3.0 Retail Predictive Application Server Version 16.0.3.0 Retail Price Management Version 14.0.4 Retail Price Management Version 14.1.3.0 Retail Price Management Version 15.0.3.0 Retail Price Management Version 16.0.3.0 Retail Back Office Version 14.0 Retail Back Office Version 14.1 Retail Central Office Version 14.0 Retail Central Office Version 14.1 Retail Point-of-Service Version 14.0 Retail Point-of-Service Version 14.1 Retail Returns Management Version 14.0 Retail Returns Management Version 14.1 Retail Service Backbone Version 14.1 Retail Service Backbone Version 15.0 Retail Service Backbone Version 16.0 Retail Xstore Point of Service Version 15.0.3 Retail Xstore Point of Service Version 16.0.5 Retail Xstore Point of Service Version 17.0.3 Retail Xstore Point of Service Version 18.0.2 Retail Xstore Point of Service Version 19.0.1 Retail Order Broker Cloud Service Version 15.0 Retail Order Broker Cloud Service Version 16.0 Retail Order Broker Cloud Service Version 18.0 Retail Order Broker Cloud Service Version 19.0 Retail Order Broker Cloud Service Version 19.1 Retail Order Broker Cloud Service Version 19.2 Retail Order Broker Cloud Service Version 19.3 Retail Bulk Data Integration Version 15.0.3.0 Retail Bulk Data Integration Version 16.0.3.0 Retail Customer Management and Segmentation Foundation Version 18.0 Retail Customer Management and Segmentation Foundation Version 19.0 Siebel Apps - Marketing Version 20.7 Siebel UI Framework Version 20.8 Transportation Management Version 6.3.7 Agile Product Supplier Collaboration for Process Version 6.2.0.0 Agile PLM Framework Version 9.3.3 Agile PLM Framework Version 9.3.5 Agile PLM Framework Version 9.3.6 Solaris Operating System Version 10 Solaris Operating System Version 11 Sun ZFS Storage Appliance Kit (AK) Software Version 8.8 Fujitsu SPARC Servers Firmware Version Prior to XCP2362 Fujitsu SPARC Servers Firmware Version Prior to XCP3090 Fujitsu SPARC Servers Firmware Version prior to XCP3090 TimesTen In-Memory Database Version Prior to 11.2.2.8.49 TimesTen In-Memory Database Version Prior to 18.1.3.1.0 TimesTen In-Memory Database Version Prior to 18.1.4.1.0 Utilities Framework Version 2.2.0.0.0 Utilities Framework Version 4.2.0.2.0 Utilities Framework Version 4.2.0.3.0 Utilities Framework Version 4.3.0.1.0 - 4.3.0.6.0 Utilities Framework Version 4.4.0.0.0 Utilities Framework Version 4.4.0.2.0 VM VirtualBox Version Prior to 6.1.16 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (Apache Derby)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). Security patch has been released CVE-2015-1832 P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Property Graph Analytics (jQuery)). The supported version that is affected is Prior to 2.4. This vulnerability cannot be exploited in the context of this product. Note: CVEs addressed by this patch are not exploitable in the context of Property Graph and Analytics in Big Data Spatial and Graph product, thus the CVSS score is 0.0. CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:N). Security patch has been released CVE-2015-9251 P-11528V-Prior to 2.4 0.0 AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11528V-Prior to 2.4 Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General (Apache Commons FileUpload)). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c 8.0 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Mktg/Email Mktg Stand-Alone (Apache Commons File Upload)). The supported version that is affected is 20.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-8974V-20.7 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8974V-20.7 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Jave APIs (BeanShell)). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Data Integrator. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-2510 P-2196V-11.1.1.9.0 P-2196V-12.2.1.3.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2196V-11.1.1.9.0 P-2196V-12.2.1.3.0 Security-in-Depth issue in the SQL Developer (JCraft JSch) component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2016-5725 P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c 0.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c Security-in-Depth issue in the SQL Developer (Apache POI) component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N). Security patch has been released CVE-2017-12626 P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c 0.0 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Property Graph Analytics (Apache Log4j)). The supported version that is affected is Prior to 3.0. This vulnerability cannot be exploited in the context of this product. Note: CVEs addressed by this patch are not exploitable in the context of Property Graph and Analytics in Big Data Spatial and Graph product, thus the CVSS score is 0.0. CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2017-5645 P-11528V-Prior to 3.0 0.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11528V-Prior to 3.0 Vulnerability in the Oracle Financial Services Regulatory Reporting with AgileREPORTER product of Oracle Financial Services Applications (component: Core (Apache Ant)). The supported version that is affected is 8.0.9.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Financial Services Regulatory Reporting with AgileREPORTER. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Regulatory Reporting with AgileREPORTER. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-5645 P-13077V-8.0.9.2.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13077V-8.0.9.2.0 Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: General and Misc (Apache Log4j)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Identity Manager Connector. Successful attacks of this vulnerability can result in takeover of Identity Manager Connector. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-5645 P-1999V-9.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1999V-9.0 Security-in-Depth issue in the SQL Developer (Apache Log4j) component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2017-5645 P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c 0.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c Vulnerability in the Oracle TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: Install (Apache Log4j)). The supported version that is affected is Prior to 11.2.2.8.49. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in takeover of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-5645 P-1870V-Prior to 11.2.2.8.49 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1870V-Prior to 11.2.2.8.49 Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General (Eclipse Jetty)). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-7658 P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (iText)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Primavera Unifier. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-9096 P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Install, config, upgrade (Apache HTTP Server)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Data Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-9800 P-2196V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2196V-12.2.1.3.0 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Web Server Plugin (RSA BSafe)). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-11058 P-5565V-11.1.2.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5565V-11.1.2.3.0 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (RSA BSAFE Crypto-C)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-11058 P-4622V-13.3.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4622V-13.3.0.1 Vulnerability in the Oracle GoldenGate Application Adapters product of Oracle Fusion Middleware (component: Security Service (RSA BSAFE)). The supported version that is affected is 12.3.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle GoldenGate Application Adapters. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate Application Adapters. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-11058 P-5760V-12.3.2.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5760V-12.3.2.1.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Weblogic (RSA BSafe)). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-11058 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the Oracle TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: EM TimesTen plugin (RSA BSAFE Crypto-C)). The supported version that is affected is Prior to 18.1.4.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in takeover of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-11058 P-1870V-Prior to 18.1.4.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1870V-Prior to 18.1.4.1.0 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core (Apache Kafka)). Supported versions that are affected are 18.8 and 19.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data as well as unauthorized update, insert or delete access to some of Primavera Unifier accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L). Security patch has been released CVE-2018-17196 P-10354V-18.8 P-10354V-19.12 7.0 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10354V-18.8 P-10354V-19.12 Security-in-Depth issue in the Oracle Database (Perl Expat) component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2018-20843 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c 0.0 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c Vulnerability in the Oracle SSL API component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle SSL API. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SSL API accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2018-2765 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 Vulnerability in the Fujitsu M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (Kernel)). The supported version that is affected is Prior to XCP3090. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Fujitsu M12-1, M12-2, M12-2S Servers executes to compromise Fujitsu M12-1, M12-2, M12-2S Servers. While the vulnerability is in Fujitsu M12-1, M12-2, M12-2S Servers, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Fujitsu M12-1, M12-2, M12-2S Servers accessible data. CVSS 3.1 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2018-3693 P-10656V-Prior to XCP3090 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10656V-Prior to XCP3090 Security-in-Depth issue in the SQL Developer (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2018-7489 P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c 0.0 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c Security-in-Depth issue in the Oracle REST Data Services product of Oracle REST Data Services (component: General (Apache Batik)). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2018-8013 P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c P-9456V-19c 0.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c P-9456V-19c Security-in-Depth issue in the SQL Developer (Apache Batik) component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2018-8013 P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c 0.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c Vulnerability in the Oracle GoldenGate Application Adapters product of Oracle Fusion Middleware (component: Application Adapters (SLF4J)). The supported version that is affected is 12.3.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Application Adapters. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate Application Adapters. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-8088 P-5760V-12.3.2.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5760V-12.3.2.1.0 Vulnerability in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Property Graph Analytics (Apache Solr)). The supported version that is affected is Prior to 3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Big Data Spatial and Graph. Successful attacks of this vulnerability can result in takeover of Big Data Spatial and Graph. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-0192 P-11528V-Prior to 3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11528V-Prior to 3.0 Vulnerability in the Oracle TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: Install (Apache ZooKeeper)). The supported version that is affected is Prior to 18.1.3.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via ZAB to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle TimesTen In-Memory Database accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-0201 P-1870V-Prior to 18.1.3.1.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1870V-Prior to 18.1.3.1.0 Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Mktg/Campaign Mgmt (Apache Tomcat)). The supported version that is affected is 20.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel Apps - Marketing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-10072 P-8974V-20.7 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8974V-20.7 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-10097 P-1042V-12.2.1.4.0 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1042V-12.2.1.4.0 Vulnerability in the Oracle TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: Install (Dave Gamble/cJSON)). The supported version that is affected is Prior to 18.1.3.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-1010239 P-1870V-Prior to 18.1.3.1.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1870V-Prior to 18.1.3.1.0 Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Collections (xstream)). Supported versions that are affected are 2.4.0-2.10.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in takeover of Oracle Banking Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-10173 P-9178V-2.4.0-2.10.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9178V-2.4.0-2.10.0 Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Diameter Gateway and SDK (xstream)). Supported versions that are affected are 11.3.0.9.0 and 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in takeover of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-10173 P-9742V-11.3.0.9.0 P-9742V-12.0.0.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9742V-11.3.0.9.0 P-9742V-12.0.0.3.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (xstream)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-10173 P-10899V-IDIH: 8.0.0-8.2.2 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Core (xstream)). Supported versions that are affected are 7.3.0 and 7.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-10173 P-4516V-7.3.0 P-4516V-7.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4516V-7.3.0 P-4516V-7.4.0 Vulnerability in the Oracle Endeca Information Discovery Studio product of Oracle Fusion Middleware (component: Endeca Server (xstream)). The supported version that is affected is 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Studio. Successful attacks of this vulnerability can result in takeover of Oracle Endeca Information Discovery Studio. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-10173 P-9634V-3.2.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9634V-3.2.0 Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: Common (xstream)). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 - 4.3.0.6.0 and 4.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Framework. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-10173 P-2245V-2.2.0.0.0 P-2245V-4.2.0.2.0 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0 - 4.3.0.6.0 P-2245V-4.4.0.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2245V-2.2.0.0.0 P-2245V-4.2.0.2.0 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0 - 4.3.0.6.0 P-2245V-4.4.0.0.0 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (xstream)). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-10173 P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Core (Eclipse Jetty)). Supported versions that are affected are 5.2.0 and 11.5.0-11.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2019-10247 P-9101V-5.2.0 P-9101V-11.5.0-11.7.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9101V-5.2.0 P-9101V-11.5.0-11.7.0 Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Property Graph Analytics (lodash)). The supported version that is affected is Prior to 20.2. This vulnerability cannot be exploited in the context of this product. Note: CVEs addressed by this patch are not exploitable in the context of Property Graph and Analytics in Big Data Spatial and Graph product, thus the CVSS score is 0.0. CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2019-10744 P-11528V-Prior to 20.2 0.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11528V-Prior to 20.2 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: Core (PHP)). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-11048 P-10899V-8.0.0.0-8.4.0.5 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-8.0.0.0-8.4.0.5 Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security (jQuery)). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-1479V-5.5.0.0.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1479V-5.5.0.0.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Runtime Engine (jQuery)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Process Management Suite, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-5325V-12.2.1.3.0 P-5325V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5325V-12.2.1.3.0 P-5325V-12.2.1.4.0 Vulnerability in the Oracle Retail Point-of-Service product of Oracle Retail Applications (component: Mobile POS (jQuery)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Point-of-Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Point-of-Service accessible data as well as unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-2017V-14.0 P-2017V-14.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2017V-14.0 P-2017V-14.1 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (Linux Kernel)). Supported versions that are affected are Prior to XCP2362 and prior to XCP3090. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-11477 P-10656V-Prior to XCP2362 P-10656V-prior to XCP3090 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10656V-Prior to XCP2362 P-10656V-prior to XCP3090 Security-in-Depth issue in the Core RDBMS (Zstandard) component of Oracle Database Server. The supported version that is affected is 19c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2019-11922 P-5V-19c 0.0 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-19c Vulnerability in the Oracle Communications EAGLE Software product of Oracle Communications (component: Network Stack (Wind River VxWorks)). Supported versions that are affected are 46.6.0-46.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications EAGLE Software. Successful attacks of this vulnerability can result in takeover of Oracle Communications EAGLE Software. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-12260 P-10768V-46.6.0-46.8.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10768V-46.6.0-46.8.2 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Core (Apache Commons Compress)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-12402 P-11052V-8.2.0-8.2.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11052V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Core (Apache Commons Compress)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-12402 P-10770V-8.2.0-8.2.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10770V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Route Manager product of Oracle Communications (component: Core (Apache Commons Compress)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Route Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Route Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-12402 P-10771V-8.2.0-8.2.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10771V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (Apache POI)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router (DSR) executes to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-12415 P-10899V-IDIH: 8.0.0-8.2.2 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle Retail Order Broker product of Oracle Retail Applications (component: Store Connect (Apache POI)). Supported versions that are affected are 15.0 and 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Order Broker executes to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Order Broker accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-12415 P-11520V-15.0 P-11520V-16.0 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11520V-15.0 P-11520V-16.0 Vulnerability in the Core RDBMS (bzip2) component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Core RDBMS (bzip2). Successful attacks of this vulnerability can result in takeover of Core RDBMS (bzip2). CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-12900 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c Vulnerability in the Oracle Communications Session Route Manager product of Oracle Communications (component: Core (Quartz Scheduler)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Route Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Route Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-13990 P-10771V-8.2.0-8.2.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10771V-8.2.0-8.2.2 Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Agent Provisioning (Quartz Scheduler)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-13990 P-9835V-12.4.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9835V-12.4.0.0 Vulnerability in the Hyperion Essbase product of Oracle Hyperion (component: Security and Provisioning (OpenSSL)). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Hyperion Essbase executes to compromise Hyperion Essbase. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion Essbase accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-1547 P-4379V-11.1.2.4 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4379V-11.1.2.4 Security-in-Depth issue in the Oracle REST Data Services product of Oracle REST Data Services (component: General (jackson-databind)). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2019-16335 P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c P-9456V-19c 0.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c P-9456V-19c Security-in-Depth issue in the Oracle Spatial and Graph (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. This vulnerability cannot be exploited in the context of this product. Note: CVE-2019-16943, and additional CVEs addressed by this patch, are not exploitable in the context of Oracle Spatial and Graph, Property Graph Analytics, so the CVSS scores are all 0.0. Also, CVE-2019-16943 only applies to Windows platforms. CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2019-16943 P-619V-11.2.0.4 P-619V-12.1.0.2 P-619V-12.2.0.1 P-619V-18c 0.0 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-619V-11.2.0.4 P-619V-12.1.0.2 P-619V-12.2.0.1 P-619V-18c Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: Platform (Eclipse Mojarra)). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-17091 P-10899V-8.0.0.0-8.4.0.5 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-8.0.0.0-8.4.0.5 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (jackson-databind)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17267 P-5242V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5242V-12.2.1.3.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (Bouncy Castle Java Library)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-17359 P-10899V-IDIH: 8.0.0-8.2.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle Communications Session Route Manager product of Oracle Communications (component: Core (Bouncy Castle Java Library)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Route Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Route Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-17359 P-10771V-8.2.0-8.2.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10771V-8.2.0-8.2.2 Security-in-Depth issue in the SQL Developer Install (Bouncy Castle) component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N). Security patch has been released CVE-2019-17359 P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c 0.0 AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Collections (Swagger UI)). Supported versions that are affected are 2.4.0-2.10.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in takeover of Oracle Banking Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17495 P-9178V-2.4.0-2.10.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9178V-2.4.0-2.10.0 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Swagger UI)). Supported versions that are affected are 16.2.0-16.2.11 and 17.12.0-17.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17495 P-10605V-16.2.0-16.2.11 P-10605V-17.12.0-17.12.8 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10605V-16.2.0-16.2.11 P-10605V-17.12.0-17.12.8 Vulnerability in the Oracle GoldenGate Application Adapters product of Oracle Fusion Middleware (component: Build Request (jackson-databind)). The supported version that is affected is 19.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Application Adapters. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate Application Adapters. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17531 P-5760V-19.1.0.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5760V-19.1.0.0.0 Security-in-Depth issue in the Core RDBMS (LZ4) component of Oracle Database Server. The supported version that is affected is 19c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2019-17543 P-5V-19c 0.0 AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-19c Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (Apache Solr)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-17558 P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Eclipse Jetty)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Testing Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2019-17638 P-4622V-13.3.0.1 9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4622V-13.3.0.1 Vulnerability in the Oracle Communications Application Session Controller product of Oracle Communications (component: WS and WEB (Eclipse Jetty)). The supported version that is affected is 3.9m0p1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Application Session Controller. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Application Session Controller accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Application Session Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Application Session Controller. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2019-17638 P-10769V-3.9m0p1 9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10769V-3.9m0p1 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Core (Eclipse Jetty)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Element Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Element Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2019-17638 P-11052V-8.2.0-8.2.2 9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11052V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Core (Eclipse Jetty)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Session Report Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Session Report Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2019-17638 P-10770V-8.2.0-8.2.2 9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10770V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Route Manager product of Oracle Communications (component: Core (Eclipse Jetty)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Route Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Session Route Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Session Route Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Session Route Manager. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2019-17638 P-10771V-8.2.0-8.2.2 9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10771V-8.2.0-8.2.2 Vulnerability in the Oracle Hospitality Guest Access product of Oracle Hospitality Applications (component: Base (Eclipse Jetty)). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Guest Access accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Guest Access. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). Security patch has been released CVE-2019-17638 P-12617V-4.2.0 P-12617V-4.2.1 9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12617V-4.2.0 P-12617V-4.2.1 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. While the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2897 P-1370V-13.3.0.0 P-1370V-13.4.0.0 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1370V-13.3.0.0 P-1370V-13.4.0.0 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Runtime Engine (Application Development Framework)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Process Management Suite, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2904 P-5325V-12.2.1.3.0 P-5325V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5325V-12.2.1.3.0 P-5325V-12.2.1.4.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: Platform (Application Development Framework)). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2904 P-10899V-8.0.0.0-8.4.0.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-8.0.0.0-8.4.0.5 Vulnerability in the Oracle Enterprise Repository product of Oracle Fusion Middleware (component: Security Subsystem - 12c (Application Development Framework)). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Repository. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2904 P-5326V-11.1.1.7.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5326V-11.1.1.7.0 Vulnerability in the Application Performance Management (APM) product of Oracle Enterprise Manager (component: Comp Management and Life Cycle Management (RSA BSAFE Crypto-J)). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Application Performance Management (APM). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Application Performance Management (APM) accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-3740 P-9572V-13.3.0.0 P-9572V-13.4.0.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9572V-13.3.0.0 P-9572V-13.4.0.0 Vulnerability in the Oracle Retail Assortment Planning product of Oracle Retail Applications (component: Application Core (RSA BSAFE Crypto-J)). Supported versions that are affected are 15.0.3.0 and 16.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Assortment Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Assortment Planning accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-3740 P-1788V-15.0.3.0 P-1788V-16.0.3.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1788V-15.0.3.0 P-1788V-16.0.3.0 Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (RSA BSAFE Crypto-J)). Supported versions that are affected are 14.1, 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Integration Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-3740 P-1807V-14.1 P-1807V-15.0 P-1807V-16.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1807V-14.1 P-1807V-15.0 P-1807V-16.0 Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Server (RSA BSAFE Crypto-J)). Supported versions that are affected are 14.1.3.0, 15.0.3.0 and 16.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Predictive Application Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-3740 P-1823V-14.1.3.0 P-1823V-15.0.3.0 P-1823V-16.0.3.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1823V-14.1.3.0 P-1823V-15.0.3.0 P-1823V-16.0.3.0 Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: RSB kernel (RSA BSAFE Crypto-J)). Supported versions that are affected are 14.1, 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Service Backbone accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-3740 P-10867V-14.1 P-10867V-15.0 P-10867V-16.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10867V-14.1 P-10867V-15.0 P-10867V-16.0 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (RSA BSAFE Crypto-J)). Supported versions that are affected are 15.0.3, 16.0.5, 17.0.3, 18.0.2 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-3740 P-11513V-15.0.3 P-11513V-16.0.5 P-11513V-17.0.3 P-11513V-18.0.2 P-11513V-19.0.1 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11513V-15.0.3 P-11513V-16.0.5 P-11513V-17.0.3 P-11513V-18.0.2 P-11513V-19.0.1 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener (cURL)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TFTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-5482 P-1042V-12.2.1.3.0 P-1042V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1042V-12.2.1.3.0 P-1042V-12.2.1.4.0 Vulnerability in the Hyperion Essbase product of Oracle Hyperion (component: Security and Provisioning (cURL)). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via TFTP to compromise Hyperion Essbase. Successful attacks of this vulnerability can result in takeover of Hyperion Essbase. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-5482 P-4379V-11.1.2.4 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4379V-11.1.2.4 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (dom4j)). Supported versions that are affected are 9.3.3 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-4461V-9.3.3 P-4461V-9.3.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4461V-9.3.3 P-4461V-9.3.5 Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Collections (dom4j)). Supported versions that are affected are 2.4.0-2.10.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in takeover of Oracle Banking Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-9178V-2.4.0-2.10.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9178V-2.4.0-2.10.0 Vulnerability in the Oracle Communications Application Session Controller product of Oracle Communications (component: WS and WEB (dom4j)). The supported version that is affected is 3.9m0p1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Application Session Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Application Session Controller. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-10769V-3.9m0p1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10769V-3.9m0p1 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (dom4j)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-10899V-IDIH: 8.0.0-8.2.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Core (dom4j)). Supported versions that are affected are 7.3.0 and 7.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-4516V-7.3.0 P-4516V-7.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4516V-7.3.0 P-4516V-7.4.0 Vulnerability in the Oracle Endeca Information Discovery Integrator product of Oracle Fusion Middleware (component: Integrator ETL (dom4j)). The supported version that is affected is 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Endeca Information Discovery Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-10561V-3.2.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10561V-3.2.0 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (dom4j)). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-5680V-8.0.6-8.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5680V-8.0.6-8.1.0 Vulnerability in the Oracle Health Sciences Empirica Signal product of Oracle Health Sciences Applications (component: User Interface (dom4j)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences Empirica Signal. Successful attacks of this vulnerability can result in takeover of Oracle Health Sciences Empirica Signal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-9646V-9.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9646V-9.0 Vulnerability in the Oracle Retail Order Broker product of Oracle Retail Applications (component: System Administration (dom4j)). Supported versions that are affected are 15.0, 16.0, 18.0, 19.0 and 19.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Order Broker. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-11520V-15.0 P-11520V-16.0 P-11520V-18.0 P-11520V-19.0 P-11520V-19.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11520V-15.0 P-11520V-16.0 P-11520V-18.0 P-11520V-19.0 P-11520V-19.1 Vulnerability in the Oracle Retail Price Management product of Oracle Retail Applications (component: Security (dom4j)). Supported versions that are affected are 14.0.4, 14.1.3.0, 15.0.3.0 and 16.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Price Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Price Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-1824V-14.0.4 P-1824V-14.1.3.0 P-1824V-15.0.3.0 P-1824V-16.0.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1824V-14.0.4 P-1824V-14.1.3.0 P-1824V-15.0.3.0 P-1824V-16.0.3.0 Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: General (dom4j)). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 - 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Framework. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-2245V-2.2.0.0.0 P-2245V-4.2.0.2.0 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0 - 4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2245V-2.2.0.0.0 P-2245V-4.2.0.2.0 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0 - 4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Portlet Services (dom4j)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10683 P-1696V-12.2.1.3.0 P-1696V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1696V-12.2.1.3.0 P-1696V-12.2.1.4.0 Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Platform (DPDK)). Supported versions that are affected are 8.2-8.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Session Border Controller executes to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Border Controller. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-10722 P-10750V-8.2-8.4 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10750V-8.2-8.4 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Core (Perl)). Supported versions that are affected are 12.0.0.2.0 and 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management as well as unauthorized update, insert or delete access to some of Oracle Communications Billing and Revenue Management accessible data and unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). Security patch has been released CVE-2020-10878 P-2136V-12.0.0.2.0 P-2136V-12.0.0.3.0 8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2136V-12.0.0.2.0 P-2136V-12.0.0.3.0 Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Supplier Portal (jQuery)). The supported version that is affected is 6.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile Product Lifecycle Management for Process, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-4447V-6.2.0.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4447V-6.2.0.0 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Framework (jQuery)). Supported versions that are affected are 18.1, 18.2, 18.3, 19.1, 19.2 and 20.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Digital Experience, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Digital Experience accessible data as well as unauthorized read access to a subset of Oracle Banking Digital Experience accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-12605V-18.1 P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-20.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12605V-18.1 P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-20.1 Vulnerability in the Oracle Communications Application Session Controller product of Oracle Communications (component: Core (jQuery)). The supported version that is affected is 3.8m0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Application Session Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Application Session Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Application Session Controller accessible data as well as unauthorized read access to a subset of Oracle Communications Application Session Controller accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-10769V-3.8m0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10769V-3.8m0 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Operation Center and Oracle Communication Billing Care (jQuery)). Supported versions that are affected are 7.5.0.23.0 and 12.0.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Billing and Revenue Management accessible data as well as unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-2136V-7.5.0.23.0 P-2136V-12.0.0.3.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2136V-7.5.0.23.0 P-2136V-12.0.0.3.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (jQuery)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-10899V-IDIH: 8.0.0-8.2.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle Communications WebRTC Session Controller product of Oracle Communications (component: ME (jQuery)). The supported version that is affected is 7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications WebRTC Session Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications WebRTC Session Controller accessible data as well as unauthorized read access to a subset of Oracle Communications WebRTC Session Controller accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-10811V-7.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10811V-7.2 Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Reports in Ops Center (jQuery)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Ops Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data as well as unauthorized read access to a subset of Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-9835V-12.4.0.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9835V-12.4.0.0 Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Core (jQuery)). The supported version that is affected is 8.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Session Border Controller accessible data as well as unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-10757V-8.4 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10757V-8.4 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (jQuery)). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5680V-8.0.6-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5680V-8.0.6-8.1.0 Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6-8.0.8 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Reconciliation Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Reconciliation Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5748V-8.0.6-8.0.8 P-5748V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5748V-8.0.6-8.0.8 P-5748V-8.1.0 Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6, 8.0.7 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Asset Liability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Asset Liability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Asset Liability Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5662V-8.0.6 P-5662V-8.0.7 P-5662V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5662V-8.0.6 P-5662V-8.0.7 P-5662V-8.1.0 Vulnerability in the Oracle Financial Services Balance Sheet Planning product of Oracle Financial Services Applications (component: User Interface (jQuery)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Balance Sheet Planning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Balance Sheet Planning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Balance Sheet Planning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Balance Sheet Planning accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5663V-8.0.8 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5663V-8.0.8 Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6-8.0.8 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Basic. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Basic, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Basic accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capital Basic accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-9612V-8.0.6-8.0.8 P-9612V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9612V-8.0.6-8.0.8 P-9612V-8.1.0 Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6-8.0.8 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-9450V-8.0.6-8.0.8 P-9450V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9450V-8.0.6-8.0.8 P-9450V-8.1.0 Vulnerability in the Oracle Financial Services Data Foundation product of Oracle Financial Services Applications (component: Infrastructure (jQuery)). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Foundation accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-9180V-8.0.6-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9180V-8.0.6-8.1.0 Vulnerability in the Oracle Financial Services Data Governance for US Regulatory Reporting product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6-8.0.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Governance for US Regulatory Reporting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Governance for US Regulatory Reporting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Governance for US Regulatory Reporting accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Governance for US Regulatory Reporting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-11669V-8.0.6-8.0.9 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11669V-8.0.6-8.0.9 Vulnerability in the Oracle Financial Services Data Integration Hub product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6, 8.0.7 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Integration Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Integration Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Integration Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Integration Hub accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-11289V-8.0.6 P-11289V-8.0.7 P-11289V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11289V-8.0.6 P-11289V-8.0.7 P-11289V-8.1.0 Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6, 8.0.7 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Funds Transfer Pricing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Funds Transfer Pricing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Funds Transfer Pricing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5659V-8.0.6 P-5659V-8.0.7 P-5659V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5659V-8.0.6 P-5659V-8.0.7 P-5659V-8.1.0 Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6-8.0.8 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Hedge Management and IFRS Valuations. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Hedge Management and IFRS Valuations, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Hedge Management and IFRS Valuations accessible data as well as unauthorized read access to a subset of Oracle Financial Services Hedge Management and IFRS Valuations accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-9332V-8.0.6-8.0.8 P-9332V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9332V-8.0.6-8.0.8 P-9332V-8.1.0 Vulnerability in the Oracle Financial Services Institutional Performance Analytics product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6, 8.0.7 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Institutional Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Institutional Performance Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Institutional Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Institutional Performance Analytics accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-10215V-8.0.6 P-10215V-8.0.7 P-10215V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10215V-8.0.6 P-10215V-8.0.7 P-10215V-8.1.0 Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interface (jQuery)). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-9096V-8.0.6 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9096V-8.0.6 Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.7, 8.0.8 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Measurement and Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Measurement and Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Measurement and Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-13797V-8.0.7 P-13797V-8.0.8 P-13797V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13797V-8.0.7 P-13797V-8.0.8 P-13797V-8.1.0 Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6-8.0.8 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Loan Loss Forecasting and Provisioning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-9474V-8.0.6-8.0.8 P-9474V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9474V-8.0.6-8.0.8 P-9474V-8.1.0 Vulnerability in the Oracle Financial Services Market Risk Measurement and Management product of Oracle Financial Services Applications (component: Infrastructure (jQuery)). Supported versions that are affected are 8.0.6 and 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Market Risk Measurement and Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Market Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-13111V-8.0.6 P-13111V-8.0.8 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13111V-8.0.6 P-13111V-8.0.8 Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5749V-8.0.6 P-5749V-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5749V-8.0.6 P-5749V-8.0.7 Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6, 8.0.7 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5658V-8.0.6 P-5658V-8.0.7 P-5658V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5658V-8.0.6 P-5658V-8.0.7 P-5658V-8.1.0 Vulnerability in the Oracle Financial Services Regulatory Reporting for European Banking Authority product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting for European Banking Authority. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Regulatory Reporting for European Banking Authority, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Regulatory Reporting for European Banking Authority accessible data as well as unauthorized read access to a subset of Oracle Financial Services Regulatory Reporting for European Banking Authority accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-13147V-8.0.6-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13147V-8.0.6-8.1.0 Vulnerability in the Oracle Financial Services Regulatory Reporting for US Federal Reserve product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.6-8.0.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting for US Federal Reserve. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Regulatory Reporting for US Federal Reserve, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Regulatory Reporting for US Federal Reserve accessible data as well as unauthorized read access to a subset of Oracle Financial Services Regulatory Reporting for US Federal Reserve accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-13080V-8.0.6-8.0.9 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13080V-8.0.6-8.0.9 Vulnerability in the Oracle Healthcare Foundation product of Oracle Health Sciences Applications (component: Admin Console (jQuery)). Supported versions that are affected are 7.1.1, 7.2.0, 7.2.1 and 7.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Healthcare Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Healthcare Foundation accessible data as well as unauthorized read access to a subset of Oracle Healthcare Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-12950V-7.1.1 P-12950V-7.2.0 P-12950V-7.2.1 P-12950V-7.3.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12950V-7.1.1 P-12950V-7.2.0 P-12950V-7.2.1 P-12950V-7.3.0 Vulnerability in the Oracle Hospitality Materials Control product of Oracle Food and Beverage Applications (component: Mobile Authorization (jQuery)). The supported version that is affected is 18.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Materials Control, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-12573V-18.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12573V-18.1 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Apps (jQuery)). Supported versions that are affected are 18.1, 18.2 and 19.1.0-19.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-11594V-18.1 P-11594V-18.2 P-11594V-19.1.0-19.1.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11594V-18.1 P-11594V-18.2 P-11594V-19.1.0-19.1.2 Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: IFRS17 (jQuery)). The supported version that is affected is 8.0.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Accounting Analyzer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Accounting Analyzer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Accounting Analyzer accessible data as well as unauthorized read access to a subset of Oracle Insurance Accounting Analyzer accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-13809V-8.0.9 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13809V-8.0.9 Vulnerability in the Oracle Insurance Allocation Manager for Enterprise Profitability product of Oracle Financial Services Applications (component: User Interface (jQuery)). Supported versions that are affected are 8.0.8 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Allocation Manager for Enterprise Profitability. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Allocation Manager for Enterprise Profitability, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Allocation Manager for Enterprise Profitability accessible data as well as unauthorized read access to a subset of Oracle Insurance Allocation Manager for Enterprise Profitability accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-13946V-8.0.8 P-13946V-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13946V-8.0.8 P-13946V-8.1.0 Vulnerability in the Oracle Insurance Data Foundation product of Oracle Financial Services Applications (component: Infrastructure (jQuery)). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Data Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Data Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Data Foundation accessible data as well as unauthorized read access to a subset of Oracle Insurance Data Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-9755V-8.0.6-8.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9755V-8.0.6-8.1.0 Vulnerability in the Oracle Insurance Insbridge Rating and Underwriting product of Oracle Insurance Applications (component: Framework Administrator IBFA (jQuery)). Supported versions that are affected are 5.0.0.0 - 5.6.0.0 and 5.6.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Insbridge Rating and Underwriting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Insbridge Rating and Underwriting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Insbridge Rating and Underwriting accessible data as well as unauthorized read access to a subset of Oracle Insurance Insbridge Rating and Underwriting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5484V-5.0.0.0 - 5.6.0.0 P-5484V-5.6.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5484V-5.0.0.0 - 5.6.0.0 P-5484V-5.6.1.0 Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces (jQuery)). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-807V-11.1.1.9.0 P-807V-12.2.1.3.0 P-807V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-807V-11.1.1.9.0 P-807V-12.2.1.3.0 P-807V-12.2.1.4.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology (jQuery)). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal, Charting (jQuery)). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the Oracle Policy Automation product of Oracle Policy Automation (component: Core (jQuery)). Supported versions that are affected are 12.2.0 - 12.2.20. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Policy Automation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Policy Automation accessible data as well as unauthorized read access to a subset of Oracle Policy Automation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5624V-12.2.0 - 12.2.20 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5624V-12.2.0 - 12.2.20 Vulnerability in the Oracle Policy Automation Connector for Siebel product of Oracle Policy Automation (component: Core (jQuery)). The supported version that is affected is 10.4.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation Connector for Siebel. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Policy Automation Connector for Siebel, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Policy Automation Connector for Siebel accessible data as well as unauthorized read access to a subset of Oracle Policy Automation Connector for Siebel accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5627V-10.4.6 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5627V-10.4.6 Vulnerability in the Oracle Policy Automation for Mobile Devices product of Oracle Policy Automation (component: Core (jQuery)). Supported versions that are affected are 12.2.0 - 12.2.20. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation for Mobile Devices. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Policy Automation for Mobile Devices, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Policy Automation for Mobile Devices accessible data as well as unauthorized read access to a subset of Oracle Policy Automation for Mobile Devices accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5626V-12.2.0 - 12.2.20 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5626V-12.2.0 - 12.2.20 Vulnerability in the Oracle Retail Back Office product of Oracle Retail Applications (component: Security (jQuery)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Back Office, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Back Office accessible data as well as unauthorized read access to a subset of Oracle Retail Back Office accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-2013V-14.0 P-2013V-14.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2013V-14.0 P-2013V-14.1 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segments (jQuery)). The supported version that is affected is 19.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-13388V-19.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13388V-19.0 Vulnerability in the Oracle Retail Returns Management product of Oracle Retail Applications (component: Security (jQuery)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Returns Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Returns Management accessible data as well as unauthorized read access to a subset of Oracle Retail Returns Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-2020V-14.0 P-2020V-14.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2020V-14.0 P-2020V-14.1 Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI (jQuery)). The supported version that is affected is 20.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-9011V-20.8 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9011V-20.8 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console (jQuery)). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11022 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Application Express (jQuery) component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Express (jQuery). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express (jQuery), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express (jQuery) accessible data as well as unauthorized read access to a subset of Oracle Application Express (jQuery) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11023 P-1348V-Prior to 20.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1348V-Prior to 20.2 Vulnerability in the ORDS (jQuery) component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ORDS (jQuery). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in ORDS (jQuery), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of ORDS (jQuery) accessible data as well as unauthorized read access to a subset of ORDS (jQuery) accessible data. Note: Additional ORDS bugs are documented in the risk matrix "Oracle REST Data Services Risk Matrix". CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11023 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General (jQuery)). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle REST Data Services accessible data as well as unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-11023 P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c P-9456V-19c; Standalone ORDS: prior to 20.2.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c P-9456V-19c; Standalone ORDS: prior to 20.2.1 Security-in-Depth issue in the Oracle Spatial and Graph MapViewer (jQuery) component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N). Security patch has been released CVE-2020-11023 P-619V-12.2.0.1 P-619V-18c P-619V-19c 0.0 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-619V-12.2.0.1 P-619V-18c P-619V-19c Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: System (http2)). Supported versions that are affected are 8.3 and 8.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-11080 P-10750V-8.3 P-10750V-8.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10750V-8.3 P-10750V-8.4 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (Apache Camel)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-11973 P-10899V-IDIH: 8.0.0-8.2.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Core (Apache Camel)). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-11973 P-9110V-12.0.0 P-9110V-12.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9110V-12.0.0 P-9110V-12.1.0 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Core (Apache HTTP Server)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-11984 P-11052V-8.2.0-8.2.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11052V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Core (Apache HTTP Server)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-11984 P-10770V-8.2.0-8.2.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10770V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Route Manager product of Oracle Communications (component: Core (Apache HTTP Server)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Route Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Route Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-11984 P-10771V-8.2.0-8.2.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10771V-8.2.0-8.2.2 Vulnerability in the Instantis EnterpriseTrack product of Oracle Construction and Engineering (component: Core (Apache HTTP Server)). Supported versions that are affected are 17.1, 17.2 and 17.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Instantis EnterpriseTrack. Successful attacks of this vulnerability can result in takeover of Instantis EnterpriseTrack. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-11984 P-10563V-17.1 P-10563V-17.2 P-10563V-17.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10563V-17.1 P-10563V-17.2 P-10563V-17.3 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Installation (SQLite)). Supported versions that are affected are 8.5.5 and 8.5.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 5.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-13631 P-2276V-8.5.5 P-2276V-8.5.4 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2276V-8.5.5 P-2276V-8.5.4 Vulnerability in the Workload Manager (Apache Tomcat) component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Workload Manager (Apache Tomcat). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Workload Manager (Apache Tomcat). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-13935 P-5V-12.2.0.1 P-5V-18c P-5V-19c 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-12.2.0.1 P-5V-18c P-5V-19c Vulnerability in the Instantis EnterpriseTrack product of Oracle Construction and Engineering (component: Core (Apache Tomcat)). Supported versions that are affected are 17.1, 17.2 and 17.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Instantis EnterpriseTrack. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Instantis EnterpriseTrack. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-13935 P-10563V-17.1 P-10563V-17.2 P-10563V-17.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10563V-17.1 P-10563V-17.2 P-10563V-17.3 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-13935 P-8480V-8.0.21 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8480V-8.0.21 and prior Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Framework (jackson-databind)). Supported versions that are affected are 18.1, 18.2, 18.3, 19.1, 19.2 and 20.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14195 P-12605V-18.1 P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-20.1 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12605V-18.1 P-12605V-18.2 P-12605V-18.3 P-12605V-19.1 P-12605V-19.2 P-12605V-20.1 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (jackson-databind)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14195 P-10899V-IDIH: 8.0.0-8.2.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Core (jackson-databind)). Supported versions that are affected are 8.2.0-8.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14195 P-11052V-8.2.0-8.2.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11052V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Evolved Communications Application Server product of Oracle Communications (component: Universal Data Record (jackson-databind)). The supported version that is affected is 7.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via XCAP to compromise Oracle Communications Evolved Communications Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Evolved Communications Application Server. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14195 P-10994V-7.1 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10994V-7.1 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Core (jackson-databind)). Supported versions that are affected are 8.2.0-8.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14195 P-10770V-8.2.0-8.2.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10770V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Route Manager product of Oracle Communications (component: Core (jackson-databind)). Supported versions that are affected are 8.2.0-8.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Route Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Route Manager. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14195 P-10771V-8.2.0-8.2.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10771V-8.2.0-8.2.2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14672 P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14731 P-13388V-18.0 P-13388V-19.0 3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13388V-18.0 P-13388V-19.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14732 P-13388V-19.0 3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13388V-19.0 Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14734 P-211V-11.2.0.4 P-211V-12.1.0.2 P-211V-12.2.0.1 P-211V-18c P-211V-19c 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-211V-11.2.0.4 P-211V-12.1.0.2 P-211V-12.2.0.1 P-211V-18c P-211V-19c Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Scheduler executes to compromise Scheduler. While the vulnerability is in Scheduler, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Scheduler. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2020-14735 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Vault accessible data as well as unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2020-14736 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 3.8 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the infrastructure where SQL Developer Install executes to compromise SQL Developer Install. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of SQL Developer Install accessible data. CVSS 3.1 Base Score 2.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14740 P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c 2.8 AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1875V-11.2.0.4 P-1875V-12.1.0.2 P-1875V-12.2.0.1 P-1875V-18c Vulnerability in the Database Filesystem component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Resource, Create Table, Create View, Create Procedure, Dbfs_role privilege with network access via Oracle Net to compromise Database Filesystem. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Filesystem. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14741 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYSDBA level account privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-14742 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-14743 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c 3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle REST Data Services accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14744 P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c P-9456V-19c; Standalone ORDS: prior to 20.2.1 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c P-9456V-19c; Standalone ORDS: prior to 20.2.1 Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14745 P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c P-9456V-19c; Standalone ORDS: prior to 20.2.1 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9456V-11.2.0.4 P-9456V-12.1.0.2 P-9456V-12.2.0.1 P-9456V-18c P-9456V-19c; Standalone ORDS: prior to 20.2.1 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Security patch has been released CVE-2020-14746 P-1472V-12.1.3 P-1472V-12.2.3 - 12.2.10 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1472V-12.1.3 P-1472V-12.2.3 - 12.2.10 Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Lifecycle Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Lifecycle Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-14752 P-4482V-11.1.2.4 4.2 AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4482V-11.1.2.4 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). Security patch has been released CVE-2020-14753 P-11599V-9.1.0 5.9 AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11599V-9.1.0 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14754 P-10006V-11 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10006V-11 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). The supported version that is affected is 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-14757 P-5242V-12.2.1.3.0 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5242V-12.2.1.3.0 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L). Security patch has been released CVE-2020-14758 P-10006V-11 5.6 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10006V-11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N). Security patch has been released CVE-2020-14759 P-10006V-11 2.5 AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10006V-11 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2020-14760 P-8478V-5.7.31 and prior 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.7.31 and prior Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data as well as unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2020-14761 P-99V-12.1.3 P-99V-12.2.3 - 12.2.7 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-99V-12.1.3 P-99V-12.2.3 - 12.2.7 Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14762 P-1348V-Prior to 20.2 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1348V-Prior to 20.2 Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Quick Poll accessible data as well as unauthorized read access to a subset of Oracle Application Express Quick Poll accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14763 P-1348V-Prior to 20.2 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1348V-Prior to 20.2 Vulnerability in the Hyperion Planning product of Oracle Hyperion (component: Application Development Framework). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Planning accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-14764 P-4402V-11.1.2.4 4.2 AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4402V-11.1.2.4 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14765 P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). Security patch has been released CVE-2020-14766 P-2025V-5.5.0.0.0 P-2025V-11.1.1.9.0 P-2025V-12.2.1.3.0 P-2025V-12.2.1.4.0 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2025V-5.5.0.0.0 P-2025V-11.1.1.9.0 P-2025V-12.2.1.3.0 P-2025V-12.2.1.4.0 Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion BI+ accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14767 P-4361V-11.1.2.4 4.2 AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4361V-11.1.2.4 Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: Smart View Provider). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Hyperion Analytic Provider Services executes to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Analytic Provider Services accessible data as well as unauthorized read access to a subset of Hyperion Analytic Provider Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). Security patch has been released CVE-2020-14768 P-4349V-11.1.2.4 4.3 AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4349V-11.1.2.4 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14769 P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14770 P-4361V-11.1.2.4 2.0 AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4361V-11.1.2.4 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2020-14771 P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 2.2 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Lifecycle Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Lifecycle Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). Security patch has been released CVE-2020-14772 P-4482V-11.1.2.4 4.2 AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4482V-11.1.2.4 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14773 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14774 P-1199V-12.1.1 - 12.1.3 P-1199V-12.2.3 - 12.2.10 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1199V-12.1.1 - 12.1.3 P-1199V-12.2.3 - 12.2.10 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14775 P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14776 P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14777 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Global Payroll Core accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Global Payroll Core. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2020-14778 P-5055V-9.2 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5055V-9.2 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2020-14779 P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). Security patch has been released CVE-2020-14780 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14781 P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-14782 P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Food and Beverage Applications (component: CAL). The supported version that is affected is 5.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Hospitality RES 3700. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality RES 3700 accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14783 P-11596V-5.7 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11596V-5.7 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14784 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14785 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14786 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14787 P-10899V-8.0.0.0-8.4.0.5 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-8.0.0.0-8.4.0.5 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14788 P-10899V-8.0.0.0-8.4.0.5 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-8.0.0.0-8.4.0.5 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14789 P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14790 P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2020-14791 P-8478V-8.0.21 and prior 2.2 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). Security patch has been released CVE-2020-14792 P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 4.2 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14793 P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14794 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14795 P-5085V-8.57 P-5085V-8.58 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.57 P-5085V-8.58 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14796 P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-14797 P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-14798 P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-856V-Java SE: 7u271 P-856V-8u261 P-856V-11.0.8 P-856V-15; Java SE Embedded: 8u261 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14799 P-8478V-8.0.20 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.20 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14800 P-8478V-8.0.21 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14801 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14802 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). Supported versions that are affected are 19.3.3 and 20.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14803 P-13497V-19.3.3 P-13497V-20.2.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13497V-19.3.3 P-13497V-20.2.0 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14803 P-856V-Java SE: 11.0.8 P-856V-15 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-856V-Java SE: 11.0.8 P-856V-15 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14804 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite Secure Enterprise Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Suite Secure Enterprise Search accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Suite Secure Enterprise Search accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-14805 P-4574V-12.1.3 P-4574V-12.2.3 - 12.2.10 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4574V-12.1.3 P-4574V-12.2.3 - 12.2.10 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14806 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). Security patch has been released CVE-2020-14807 P-12619V-8.10.2 P-12619V-8.11-8.14 7.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12619V-8.10.2 P-12619V-8.11-8.14 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14808 P-765V-12.1.3 P-765V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-765V-12.1.3 P-765V-12.2.3 - 12.2.10 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14809 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data as well as unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). Security patch has been released CVE-2020-14810 P-12619V-8.10.2 P-12619V-8.11-8.14 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12619V-8.10.2 P-12619V-8.11-8.14 Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14811 P-99V-12.1.3 P-99V-12.2.3 - 12.2.10 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-99V-12.1.3 P-99V-12.2.3 - 12.2.10 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14812 P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Grids). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14813 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14814 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14815 P-2025V-5.5.0.0.0 P-2025V-12.2.1.3.0 P-2025V-12.2.1.4.0 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2025V-5.5.0.0.0 P-2025V-12.2.1.3.0 P-2025V-12.2.1.4.0 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14816 P-229V-12.1.1 - 12.1.3 P-229V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-229V-12.1.1 - 12.1.3 P-229V-12.2.3 - 12.2.10 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14817 P-229V-12.1.1 - 12.1.3 P-229V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-229V-12.1.1 - 12.1.3 P-229V-12.2.3 - 12.2.10 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N). Security patch has been released CVE-2020-14818 P-10006V-11 3.0 AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10006V-11 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14819 P-1379V-12.1.3 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1379V-12.1.3 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14820 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14821 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Security patch has been released CVE-2020-14822 P-1118V-12.1.1 - 12.1.3 P-1118V-12.2.3 - 12.2.10 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1118V-12.1.1 - 12.1.3 P-1118V-12.2.3 - 12.2.10 Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3 - 12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Technical Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-14823 P-1199V-12.2.3 - 12.2.10 6.5 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1199V-12.2.3 - 12.2.10 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). Security patch has been released CVE-2020-14824 P-5680V-8.0.6-8.1.0 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5680V-8.0.6-8.1.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14825 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14826 P-99V-12.1.3 P-99V-12.2.3 - 12.2.10 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-99V-12.1.3 P-99V-12.2.3 - 12.2.10 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14827 P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14828 P-8478V-8.0.21 and prior 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14829 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14830 P-8478V-8.0.21 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14831 P-229V-12.1.1 - 12.1.3 P-229V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-229V-12.1.1 - 12.1.3 P-229V-12.2.3 - 12.2.10 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14832 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14833 P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14834 P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14835 P-229V-12.1.1 - 12.1.3 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-229V-12.1.1 - 12.1.3 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14836 P-8478V-8.0.21 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14837 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14838 P-8478V-8.0.21 and prior 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14839 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Security patch has been released CVE-2020-14840 P-510V-12.1.3 P-510V-12.2.3 - 12.2.10 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-510V-12.1.3 P-510V-12.2.3 - 12.2.10 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14841 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14842 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). Security patch has been released CVE-2020-14843 P-2025V-5.5.0.0.0 P-2025V-12.2.1.3.0 P-2025V-12.2.1.4.0 7.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2025V-5.5.0.0.0 P-2025V-12.2.1.3.0 P-2025V-12.2.1.4.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14844 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14845 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14846 P-8478V-8.0.21 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-14847 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14848 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14849 P-229V-12.1.1 - 12.1.3 P-229V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-229V-12.1.1 - 12.1.3 P-229V-12.2.3 - 12.2.10 Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14850 P-1199V-12.1.3 P-1199V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1199V-12.1.3 P-1199V-12.2.3 - 12.2.10 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14851 P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14852 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). Security patch has been released CVE-2020-14853 P-8479V-8.0.21 and prior 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8479V-8.0.21 and prior Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Infrastructure Technology accessible data as well as unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-14854 P-4392V-11.1.2.4 6.1 AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4392V-11.1.2.4 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14855 P-778V-12.1.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-778V-12.1.3 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14856 P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14857 P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14858 P-11580V-5.5 P-11580V-5.6 6.8 AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11580V-5.5 P-11580V-5.6 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14859 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2020-14860 P-8478V-8.0.21 and prior 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14861 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14862 P-778V-12.2.3 - 12.2.9 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-778V-12.2.3 - 12.2.9 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14863 P-1379V-12.1.1 - 12.1.3 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1379V-12.1.1 - 12.1.3 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14864 P-2025V-5.5.0.0.0 P-2025V-12.2.1.3.0 P-2025V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2025V-5.5.0.0.0 P-2025V-12.2.1.3.0 P-2025V-12.2.1.4.0 Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eSupplier Connection. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise SCM eSupplier Connection accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM eSupplier Connection accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-14865 P-5122V-9.2 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5122V-9.2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14866 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14867 P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 4.4 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.6.49 and prior P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14868 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14869 P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-5.7.31 and prior P-8478V-8.0.21 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14870 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2020-14871 P-10006V-10 P-10006V-11 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10006V-10 P-10006V-11 Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Operating System Image). The supported version that is affected is 8.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle ZFS Storage Appliance Kit. While the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2020-14871 P-10026V-8.8 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10026V-8.8 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2020-14872 P-8370V-Prior to 6.1.16 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8370V-Prior to 6.1.16 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14873 P-8478V-8.0.21 and prior 4.4 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-14875 P-229V-12.1.1 - 12.1.3 P-229V-12.2.3 - 12.2.10 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-229V-12.1.1 - 12.1.3 P-229V-12.2.3 - 12.2.10 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-14876 P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-765V-12.1.1 - 12.1.3 P-765V-12.2.3 - 12.2.10 Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-14877 P-11580V-5.5 P-11580V-5.6 6.5 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11580V-5.5 P-11580V-5.6 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14878 P-8478V-8.0.21 and prior 8.0 AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14879 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 8.5 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N). Security patch has been released CVE-2020-14880 P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 8.5 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1479V-5.5.0.0.0 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2020-14881 P-8370V-Prior to 6.1.16 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8370V-Prior to 6.1.16 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14882 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-14883 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 P-5242V-12.2.1.4.0 P-5242V-14.1.1.0.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2020-14884 P-8370V-Prior to 6.1.16 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8370V-Prior to 6.1.16 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2020-14885 P-8370V-Prior to 6.1.16 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8370V-Prior to 6.1.16 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2020-14886 P-8370V-Prior to 6.1.16 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8370V-Prior to 6.1.16 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14887 P-9052V-12.3.0 P-9052V-14.0.0-14.4.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9052V-12.3.0 P-9052V-14.0.0-14.4.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14888 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2020-14889 P-8370V-Prior to 6.1.16 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8370V-Prior to 6.1.16 Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14890 P-9111V-12.0.1 P-9111V-12.0.2 P-9111V-12.0.3 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9111V-12.0.1 P-9111V-12.0.2 P-9111V-12.0.3 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14891 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14892 P-8370V-Prior to 6.1.16 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8370V-Prior to 6.1.16 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-14893 P-8478V-8.0.21 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8478V-8.0.21 and prior Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14894 P-12989V-12.3.0 P-12989V-14.0.0-14.4.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12989V-12.3.0 P-12989V-14.0.0-14.4.0 Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 - 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Framework accessible data as well as unauthorized read access to a subset of Oracle Utilities Framework accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2020-14895 P-2245V-2.2.0.0.0 P-2245V-4.2.0.2.0 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0 - 4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2245V-2.2.0.0.0 P-2245V-4.2.0.2.0 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0 - 4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14896 P-13011V-14.1.0-14.4.0 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13011V-14.1.0-14.4.0 Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14897 P-9111V-12.0.1 P-9111V-12.0.2 P-9111V-12.0.3 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9111V-12.0.1 P-9111V-12.0.2 P-9111V-12.0.3 Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Packaged Apps. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Packaged Apps, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Packaged Apps accessible data as well as unauthorized read access to a subset of Oracle Application Express Packaged Apps accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14898 P-1348V-Prior to 20.2 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1348V-Prior to 20.2 Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14899 P-1348V-Prior to 20.2 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1348V-Prior to 20.2 Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Group Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Group Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Group Calendar accessible data as well as unauthorized read access to a subset of Oracle Application Express Group Calendar accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-14900 P-1348V-Prior to 20.2 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1348V-Prior to 20.2 Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-14901 P-5V-19c 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5V-19c Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Installation (OpenJPEG)). Supported versions that are affected are 8.5.5 and 8.5.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H). Security patch has been released CVE-2020-15389 P-2276V-8.5.5 P-2276V-8.5.4 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2276V-8.5.5 P-2276V-8.5.4 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (libssh)). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Workbench. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2020-1730 P-4627V-8.0.21 and prior 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4627V-8.0.21 and prior Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Folders, Files & Attachments (Apache Tomcat)). Supported versions that are affected are 9.3.3, 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via AJP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-1938 P-4461V-9.3.3 P-4461V-9.3.5 P-4461V-9.3.6 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4461V-9.3.3 P-4461V-9.3.5 P-4461V-9.3.6 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (Apache ActiveMQ)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-1941 P-10899V-IDIH: 8.0.0-8.2.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Core (Apache ActiveMQ)). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-1941 P-9110V-12.0.0 P-9110V-12.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9110V-12.0.0 P-9110V-12.1.0 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Runtime Engine (Apache Ant)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Process Management Suite executes to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-1945 P-5325V-12.2.1.3.0 P-5325V-12.2.1.4.0 6.3 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5325V-12.2.1.3.0 P-5325V-12.2.1.4.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (Apache Ant)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router (DSR) executes to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-1945 P-10899V-IDIH: 8.0.0-8.2.2 6.7 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle Retail Back Office product of Oracle Retail Applications (component: Security (Apache Ant)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Back Office accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Back Office accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-1945 P-2013V-14.0 P-2013V-14.1 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2013V-14.0 P-2013V-14.1 Vulnerability in the Oracle Retail Central Office product of Oracle Retail Applications (component: Security (Apache Ant)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Central Office accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Central Office accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-1945 P-2016V-14.0 P-2016V-14.1 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2016V-14.0 P-2016V-14.1 Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Apache Ant)). Supported versions that are affected are 14.1, 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Integration Bus accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Integration Bus accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-1945 P-1807V-14.1 P-1807V-15.0 P-1807V-16.0 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1807V-14.1 P-1807V-15.0 P-1807V-16.0 Vulnerability in the Oracle Retail Point-of-Service product of Oracle Retail Applications (component: Security (Apache Ant)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Point-of-Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Point-of-Service accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-1945 P-2017V-14.0 P-2017V-14.1 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2017V-14.0 P-2017V-14.1 Vulnerability in the Oracle Retail Returns Management product of Oracle Retail Applications (component: Security (Apache Ant)). Supported versions that are affected are 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Returns Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Returns Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-1945 P-2020V-14.0 P-2020V-14.1 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2020V-14.0 P-2020V-14.1 Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: General (Apache Ant)). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 - 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Utilities Framework executes to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Framework accessible data as well as unauthorized access to critical data or complete access to all Oracle Utilities Framework accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2020-1945 P-2245V-2.2.0.0.0 P-2245V-4.2.0.2.0 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0 - 4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 6.3 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2245V-2.2.0.0.0 P-2245V-4.2.0.2.0 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0 - 4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Document Service (Apache Tika)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Business Process Management Suite executes to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-1951 P-5325V-12.2.1.3.0 P-5325V-12.2.1.4.0 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5325V-12.2.1.3.0 P-5325V-12.2.1.4.0 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Core (Apache Tika)). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle FLEXCUBE Private Banking executes to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-1951 P-9110V-12.0.0 P-9110V-12.1.0 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9110V-12.0.0 P-9110V-12.1.0 Vulnerability in the Oracle Healthcare Foundation product of Oracle Health Sciences Applications (component: Self Service Analytics (Apache Commons Configuration)). Supported versions that are affected are 7.1.1, 7.2.0, 7.2.1 and 7.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Foundation. While the vulnerability is in Oracle Healthcare Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Foundation. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2020-1953 P-12950V-7.1.1 P-12950V-7.2.0 P-12950V-7.2.1 P-12950V-7.3.0 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12950V-7.1.1 P-12950V-7.2.0 P-12950V-7.2.1 P-12950V-7.3.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (Apache CXF)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Communications Diameter Signaling Router (DSR) executes to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-1954 P-10899V-IDIH: 8.0.0-8.2.2 5.3 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Core (Apache CXF)). Supported versions that are affected are 8.2.0-8.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Communications Element Manager executes to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-1954 P-11052V-8.2.0-8.2.2 5.3 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11052V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Core (Apache CXF)). Supported versions that are affected are 8.2.0-8.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Communications Session Report Manager executes to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-1954 P-10770V-8.2.0-8.2.2 5.3 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10770V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Route Manager product of Oracle Communications (component: Core (Apache CXF)). Supported versions that are affected are 8.2.0-8.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Communications Session Route Manager executes to compromise Oracle Communications Session Route Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Route Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-1954 P-10771V-8.2.0-8.2.2 5.3 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10771V-8.2.0-8.2.2 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework (Apache CXF)). The supported version that is affected is 13.2.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Enterprise Manager Base Platform executes to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-1954 P-1370V-13.2.1.0 5.3 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1370V-13.2.1.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Apache CXF)). The supported version that is affected is 8.56. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-1954 P-5085V-8.56 5.3 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 Vulnerability in the Enterprise Manager for Storage Management product of Oracle Enterprise Manager (component: Privilege Management (OpenSSL)). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager for Storage Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager for Storage Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-1967 P-10303V-13.3.0.0 P-10303V-13.4.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10303V-13.3.0.0 P-10303V-13.4.0.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-1967 P-1042V-12.2.1.4.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1042V-12.2.1.4.0 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench: Security: Encryption (OpenSSL)). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-1967 P-4627V-8.0.21 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4627V-8.0.21 and prior Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (Oracle Coherence)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-2555 P-10899V-IDIH: 8.0.0-8.2.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Oracle Healthcare Data Repository product of Oracle Health Sciences Applications (component: Database Module (Oracle Coherence)). The supported version that is affected is 7.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-2555 P-9161V-7.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9161V-7.0.1 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Oracle Coherence)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-2555 P-1696V-12.2.1.3.0 P-1696V-12.2.1.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1696V-12.2.1.3.0 P-1696V-12.2.1.4.0 Vulnerability in the Management Pack for Oracle GoldenGate product of Oracle Fusion Middleware (component: Monitor (SNMP)). The supported version that is affected is 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via SNMP to compromise Management Pack for Oracle GoldenGate. While the vulnerability is in Management Pack for Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Management Pack for Oracle GoldenGate. CVSS 3.1 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Security patch has been released CVE-2020-3235 P-5759V-12.2.1.2.0 7.7 AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5759V-12.2.1.2.0 Security-in-Depth issue in the MySQL Cluster product of Oracle MySQL (component: Cluster: Configuration (dojo)). Supported versions that are affected are 7.3.30 and prior, 7.4.29 and prior, 7.5.19 and prior, 7.6.15 and prior and 8.0.21 and prior. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N). Security patch has been released CVE-2020-4051 P-8479V-7.3.30 and prior P-8479V-7.4.29 and prior P-8479V-7.5.19 and prior P-8479V-7.6.15 and prior P-8479V-8.0.21 and prior 0.0 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8479V-7.3.30 and prior P-8479V-7.4.29 and prior P-8479V-7.5.19 and prior P-8479V-7.6.15 and prior P-8479V-8.0.21 and prior Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Spring Framework)). The supported version that is affected is 13.3.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-4622V-13.3.0.1 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4622V-13.3.0.1 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: IDIH (Spring Framework)). Supported versions that are affected are IDIH: 8.0.0-8.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-10899V-IDIH: 8.0.0-8.2.2 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-IDIH: 8.0.0-8.2.2 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework (Spring Framework)). The supported version that is affected is 13.2.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-1370V-13.2.1.0 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1370V-13.2.1.0 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Core (Spring Framework)). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-9110V-12.0.0 P-9110V-12.1.0 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9110V-12.0.0 P-9110V-12.1.0 Vulnerability in the Oracle Financial Services Regulatory Reporting with AgileREPORTER product of Oracle Financial Services Applications (component: Core (Spring Framework)). The supported version that is affected is 8.0.9.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting with AgileREPORTER. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Regulatory Reporting with AgileREPORTER. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-13077V-8.0.9.2.0 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13077V-8.0.9.2.0 Vulnerability in the Oracle Insurance Policy Administration J2EE product of Oracle Insurance Applications (component: Admin Console (Spring Framework)). The supported version that is affected is 11.2.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration J2EE. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-5398 P-5279V-11.2.2.0 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5279V-11.2.2.0 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Core (Spring Security)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-5408 P-11052V-8.2.0-8.2.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11052V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Core (Spring Security)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-5408 P-10770V-8.2.0-8.2.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10770V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Route Manager product of Oracle Communications (component: Core (Spring Security)). Supported versions that are affected are 8.2.0-8.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Session Route Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Route Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2020-5408 P-10771V-8.2.0-8.2.2 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10771V-8.2.0-8.2.2 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module (Node.js)). Supported versions that are affected are 7.3.30 and prior, 7.4.29 and prior, 7.5.19 and prior, 7.6.15 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-8174 P-8479V-7.3.30 and prior P-8479V-7.4.29 and prior P-8479V-7.5.19 and prior P-8479V-7.6.15 and prior P-8479V-8.0.21 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8479V-7.3.30 and prior P-8479V-7.4.29 and prior P-8479V-7.5.19 and prior P-8479V-7.6.15 and prior P-8479V-8.0.21 and prior Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-9281 P-1348V-Prior to 20.2 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1348V-Prior to 20.2 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Blogs and Wikis (CKEditor)). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2020-9281 P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 P-1696V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1696V-11.1.1.9.0 P-1696V-12.2.1.3.0 P-1696V-12.2.1.4.0 Vulnerability in the Oracle Retail Order Broker product of Oracle Retail Applications (component: Order Broker Foundation (jasperreports_server)). Supported versions that are affected are 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Order Broker. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9410 P-11520V-15.0 P-11520V-16.0 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11520V-15.0 P-11520V-16.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: Core (Apache Tomcat)). Supported versions that are affected are 8.0.0.0-8.4.0.5. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router (DSR) executes to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9484 P-10899V-8.0.0.0-8.4.0.5 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10899V-8.0.0.0-8.4.0.5 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Core (Apache Tomcat)). Supported versions that are affected are 8.2.0-8.2.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Element Manager executes to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9484 P-11052V-8.2.0-8.2.2 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11052V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Core (Apache Tomcat)). Supported versions that are affected are 8.2.0-8.2.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Session Report Manager executes to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9484 P-10770V-8.2.0-8.2.2 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10770V-8.2.0-8.2.2 Vulnerability in the Oracle Communications Session Route Manager product of Oracle Communications (component: Core (Apache Tomcat)). Supported versions that are affected are 8.2.0-8.2.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Session Route Manager executes to compromise Oracle Communications Session Route Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Route Manager. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9484 P-10771V-8.2.0-8.2.2 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10771V-8.2.0-8.2.2 Vulnerability in the Oracle Hospitality Guest Access product of Oracle Hospitality Applications (component: Base (Apache Tomcat)). Supported versions that are affected are 4.2.0 and 4.2.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Guest Access executes to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Guest Access. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9484 P-12617V-4.2.0 P-12617V-4.2.1 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12617V-4.2.0 P-12617V-4.2.1 Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Apache Tomcat)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Managed File Transfer executes to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in takeover of Oracle Managed File Transfer. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9484 P-10198V-12.2.1.3.0 P-10198V-12.2.1.4.0 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10198V-12.2.1.3.0 P-10198V-12.2.1.4.0 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Install (Apache Tomcat)). The supported version that is affected is 6.3.7. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Transportation Management executes to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in takeover of Oracle Transportation Management. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9484 P-1991V-6.3.7 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1991V-6.3.7 Vulnerability in the Oracle Communications Application Session Controller product of Oracle Communications (component: WS and WEB (Apache Log4j)). The supported version that is affected is 3.9m0p1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Communications Application Session Controller. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Application Session Controller accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-10769V-3.9m0p1 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10769V-3.9m0p1 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Operation Center and Oracle Communication Billing Care (Apache Log4j)). Supported versions that are affected are 7.5.0.23.0 and 12.0.0.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-2136V-7.5.0.23.0 P-2136V-12.0.0.3.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2136V-7.5.0.23.0 P-2136V-12.0.0.3.0 Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: Core (Apache Log4j)). The supported version that is affected is 12.0.0.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Offline Mediation Controller accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-2269V-12.0.0.3.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2269V-12.0.0.3.0 Vulnerability in the Oracle Communications Services Gatekeeper product of Oracle Communications (component: Media Control UI (Apache Log4j)). The supported version that is affected is 7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Services Gatekeeper accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5381V-7 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5381V-7 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Core (Apache Log4j)). Supported versions that are affected are 7.3.0 and 7.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-4516V-7.3.0 P-4516V-7.4.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-4516V-7.3.0 P-4516V-7.4.0 Vulnerability in the Enterprise Manager for Peoplesoft product of Oracle Enterprise Manager (component: PSEM Plugin (Apache Log4j)). The supported version that is affected is 13.4.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Enterprise Manager for Peoplesoft. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager for Peoplesoft accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-2131V-13.4.1.1 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2131V-13.4.1.1 Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Core (Apache Log4j)). Supported versions that are affected are 5.2.0 and 11.5.0-11.7.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-9101V-5.2.0 P-9101V-11.5.0-11.7.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9101V-5.2.0 P-9101V-11.5.0-11.7.0 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Core (Apache Log4j)). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-9110V-12.0.0 P-9110V-12.1.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-9110V-12.0.0 P-9110V-12.1.0 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Apache Log4j)). Supported versions that are affected are 8.0.6-8.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5680V-8.0.6-8.1.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5680V-8.0.6-8.1.0 Vulnerability in the Oracle Financial Services Institutional Performance Analytics product of Oracle Financial Services Applications (component: User Interface (Apache Log4j)). Supported versions that are affected are 8.0.6, 8.7.0 and 8.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Financial Services Institutional Performance Analytics. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Institutional Performance Analytics accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-10215V-8.0.6 P-10215V-8.7.0 P-10215V-8.1.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10215V-8.0.6 P-10215V-8.7.0 P-10215V-8.1.0 Vulnerability in the Oracle Financial Services Market Risk Measurement and Management product of Oracle Financial Services Applications (component: Infrastructure (Apache log4j)). Supported versions that are affected are 8.0.6, 8.0.8 and 8.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-13111V-8.0.6 P-13111V-8.0.8 P-13111V-8.1.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-13111V-8.0.6 P-13111V-8.0.8 P-13111V-8.1.0 Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface (Apache Log4j)). Supported versions that are affected are 8.0.6 and 8.0.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5749V-8.0.6 P-5749V-8.0.7 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5749V-8.0.6 P-5749V-8.0.7 Vulnerability in the Oracle Financial Services Retail Customer Analytics product of Oracle Financial Services Applications (component: User Interface (Apache Log4j)). The supported version that is affected is 8.0.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Financial Services Retail Customer Analytics. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Retail Customer Analytics accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-10214V-8.0.6 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10214V-8.0.6 Vulnerability in the Oracle Insurance Insbridge Rating and Underwriting product of Oracle Insurance Applications (component: Framework Administrator IBFA (Apache Log4j)). Supported versions that are affected are 5.0.0.0 - 5.6.0.0 and 5.6.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Insurance Insbridge Rating and Underwriting. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Insurance Insbridge Rating and Underwriting accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5484V-5.0.0.0 - 5.6.0.0 P-5484V-5.6.1.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5484V-5.0.0.0 - 5.6.0.0 P-5484V-5.6.1.0 Vulnerability in the Oracle Insurance Policy Administration J2EE product of Oracle Insurance Applications (component: Architecture (Apache Log4j)). Supported versions that are affected are 10.2.0.37, 10.2.4.12, 11.0.2.25, 11.1.0.15 and 11.2.0.26. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Insurance Policy Administration J2EE accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5279V-10.2.0.37 P-5279V-10.2.4.12 P-5279V-11.0.2.25 P-5279V-11.1.0.15 P-5279V-11.2.0.26 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5279V-10.2.0.37 P-5279V-10.2.4.12 P-5279V-11.0.2.25 P-5279V-11.1.0.15 P-5279V-11.2.0.26 Vulnerability in the Oracle Insurance Rules Palette product of Oracle Insurance Applications (component: Architecture (Apache Log4j)). Supported versions that are affected are 10.2.0.37, 10.2.4.12, 11.0.2.25, 11.1.0.15 and 11.2.0.26. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle Insurance Rules Palette. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Insurance Rules Palette accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5288V-10.2.0.37 P-5288V-10.2.4.12 P-5288V-11.0.2.25 P-5288V-11.1.0.15 P-5288V-11.2.0.26 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5288V-10.2.0.37 P-5288V-10.2.4.12 P-5288V-11.0.2.25 P-5288V-11.1.0.15 P-5288V-11.2.0.26 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tools Admin API (Apache Log4j)). Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mgmt (Apache Log4j)). Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5085V-8.56 P-5085V-8.57 P-5085V-8.58 Vulnerability in the Oracle Policy Automation product of Oracle Policy Automation (component: Core (Apache Log4j)). Supported versions that are affected are 12.2.0 - 12.2.20. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Policy Automation accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5624V-12.2.0 - 12.2.20 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5624V-12.2.0 - 12.2.20 Vulnerability in the Oracle Policy Automation Connector for Siebel product of Oracle Policy Automation (component: Core (Apache Log4j)). The supported version that is affected is 10.4.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation Connector for Siebel. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Policy Automation Connector for Siebel accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5627V-10.4.6 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5627V-10.4.6 Vulnerability in the Oracle Policy Automation for Mobile Devices product of Oracle Policy Automation (component: Core (Apache Log4j)). Supported versions that are affected are 12.2.0 - 12.2.20. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Policy Automation for Mobile Devices accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5626V-12.2.0 - 12.2.20 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5626V-12.2.0 - 12.2.20 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core (Apache Log4j)). Supported versions that are affected are 18.8 and 19.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-10354V-18.8 P-10354V-19.12 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10354V-18.8 P-10354V-19.12 Vulnerability in the Oracle Retail Advanced Inventory Planning product of Oracle Retail Applications (component: AIP Dashboard (Apache Log4j)). The supported version that is affected is 14.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Advanced Inventory Planning. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Advanced Inventory Planning accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-1785V-14.1 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1785V-14.1 Vulnerability in the Oracle Retail Assortment Planning product of Oracle Retail Applications (component: Application Core (Apache Log4j)). Supported versions that are affected are 15.0.3.0 and 16.0.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Assortment Planning. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Assortment Planning accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-1788V-15.0.3.0 P-1788V-16.0.3.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1788V-15.0.3.0 P-1788V-16.0.3.0 Vulnerability in the Oracle Retail Bulk Data Integration product of Oracle Retail Applications (component: BDI Job Scheduler (Apache Log4j)). Supported versions that are affected are 15.0.3.0 and 16.0.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Bulk Data Integration. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Bulk Data Integration accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-12968V-15.0.3.0 P-12968V-16.0.3.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-12968V-15.0.3.0 P-12968V-16.0.3.0 Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Apache Log4j)). Supported versions that are affected are 14.1, 15.0 and 16.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Integration Bus accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-1807V-14.1 P-1807V-15.0 P-1807V-16.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1807V-14.1 P-1807V-15.0 P-1807V-16.0 Vulnerability in the Oracle Retail Order Broker product of Oracle Retail Applications (component: Store Connect (Apache Log4j)). Supported versions that are affected are 16.0, 18.0, 19.0, 19.1, 19.2 and 19.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Order Broker accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-11520V-16.0 P-11520V-18.0 P-11520V-19.0 P-11520V-19.1 P-11520V-19.2 P-11520V-19.3 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11520V-16.0 P-11520V-18.0 P-11520V-19.0 P-11520V-19.1 P-11520V-19.2 P-11520V-19.3 Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Fusion Client (Apache Log4j)). Supported versions that are affected are 14.1.3.0, 15.0.3.0 and 16.0.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Predictive Application Server accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-1823V-14.1.3.0 P-1823V-15.0.3.0 P-1823V-16.0.3.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-1823V-14.1.3.0 P-1823V-15.0.3.0 P-1823V-16.0.3.0 Security-in-Depth issue in the Oracle Spatial and Graph (Apache Log4j) component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. This vulnerability cannot be exploited in the context of this product.CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2020-9488 P-619V-12.2.0.1 P-619V-18c P-619V-19c 0.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-619V-12.2.0.1 P-619V-18c P-619V-19c Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: Common (Apache Log4j)). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 - 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Utilities Framework accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-2245V-2.2.0.0.0 P-2245V-4.2.0.2.0 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0 - 4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-2245V-2.2.0.0.0 P-2245V-4.2.0.2.0 P-2245V-4.2.0.3.0 P-2245V-4.3.0.1.0 - 4.3.0.6.0 P-2245V-4.4.0.0.0 P-2245V-4.4.0.2.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core (Apache Log4j)). The supported version that is affected is 10.3.6.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2020-9488 P-5242V-10.3.6.0.0 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5242V-10.3.6.0.0 Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Core (Apache Tika)). The supported version that is affected is 8.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Messaging Server executes to compromise Oracle Communications Messaging Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-9489 P-8496V-8.1 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-8496V-8.1 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (Apache Tika)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Primavera Unifier executes to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2020-9489 P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 P-10354V-19.12 Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Property Graph Analytics (jackson-databind)). The supported version that is affected is Prior to 20.2. This vulnerability cannot be exploited in the context of this product. Note: CVEs addressed by this patch are not exploitable in the context of Property Graph and Analytics in Big Data Spatial and Graph product, thus the CVSS score is 0.0. CVSS 3.1 Base Score 0.0. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N). Security patch has been released CVE-2020-9546 P-11528V-Prior to 20.2 0.0 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-11528V-Prior to 20.2 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (jackson-databind)). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9546 P-5680V-8.0.6-8.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5680V-8.0.6-8.1.0 Vulnerability in the Oracle Financial Services Institutional Performance Analytics product of Oracle Financial Services Applications (component: User Interface (jackson-databind)). Supported versions that are affected are 8.0.6, 8.7.0 and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Institutional Performance Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Institutional Performance Analytics. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9546 P-10215V-8.0.6 P-10215V-8.7.0 P-10215V-8.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10215V-8.0.6 P-10215V-8.7.0 P-10215V-8.1.0 Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface (jackson-databind)). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Price Creation and Discovery. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9546 P-5749V-8.0.6 P-5749V-8.0.7 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5749V-8.0.6 P-5749V-8.0.7 Vulnerability in the Oracle Financial Services Retail Customer Analytics product of Oracle Financial Services Applications (component: User Interface (jackson-databind)). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Retail Customer Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Retail Customer Analytics. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9546 P-10214V-8.0.6 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10214V-8.0.6 Vulnerability in the Oracle Insurance Policy Administration J2EE product of Oracle Insurance Applications (component: Architecture (jackson-databind)). Supported versions that are affected are 11.0.2.25 and 11.1.0.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration J2EE. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9546 P-5279V-11.0.2.25 P-5279V-11.1.0.15 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-5279V-11.0.2.25 P-5279V-11.1.0.15 Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: RSB kernel (jackson-databind)). Supported versions that are affected are 14.1, 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Backbone. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2020-9546 P-10867V-14.1 P-10867V-15.0 P-10867V-16.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUOct2020 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpuoct2020.html P-10867V-14.1 P-10867V-15.0 P-10867V-16.0