Oracle Critical Patch Update Advisory - January 2013 - Beta Oracle CVRF Oracle Critical Patch Update Advisory CPUJan2013 Final 1.0 1.0 2013-01-15T13:00:00-07:00 Initial Distribution 2013-01-15T13:00:00-07:00 2013-01-15T13:00:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document. This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1841213.xml http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html URL to html version of Advisory Alexandr Polyakov Digital Security Apple J4ck Apple J4ck Benjamin Toews Neohapsis, Inc. CERT/CC CERT/CC Dmitriy Pletnev Secunia Research Esteban Martinez Fayo Application Security, Inc. Frank Stuart Frank Stuart Greg Jenkins NCC Group Juan Pablo Perez Etchegoyen Onapsis Martin Carpenter Citco Martin Rakhmanov Application Security, Inc. Paul M. Wright Paul M. Wright Pavel Toporkov Positive Technologies Piyush Mittal PIYUSH MITTAL Qinglin Jiang Application Security, Inc. Robert Foggia Trustwave Shashank Kumar Shashank kumar Travis Emmert Travis Emmert an Anonymous Reporter TippingPoint's Zero Day Initiative Oracle Database Mobile/Lite Server Version 10.3.0.3 Oracle Database Mobile/Lite Server Version 11.1.0.0 Oracle Spatial Version 10.2.0.3 Oracle Spatial Version 10.2.0.4 Oracle Spatial Version 10.2.0.5 Oracle Spatial Version 11.1.0.7 Oracle Spatial Version 11.2.0.2 Oracle Spatial Version 11.2.0.3 Oracle Marketing Version 11.5.10.2 Oracle Marketing Version 12.0.6 Oracle Marketing Version 12.1.1 Oracle Marketing Version 12.1.2 Oracle Marketing Version 12.1.3 Oracle Payroll Version 11.5.10.2 Oracle Payroll Version 12.0.6 Oracle Payroll Version 12.1.1 Oracle Payroll Version 12.1.2 Oracle Payroll Version 12.1.3 Oracle Application Object Library Version 11.5.10.2 Oracle Application Object Library Version 12.0.6 Oracle Application Object Library Version 12.1.3 Oracle Universal Work Queue Version 11.5.10.2 Oracle Universal Work Queue Version 12.0.6 Oracle Universal Work Queue Version 12.1.1 Oracle Universal Work Queue Version 12.1.2 Oracle Universal Work Queue Version 12.1.3 Oracle CRM Technical Foundation Version 11.5.10.2 Oracle CRM Technical Foundation Version 12.0.6 Oracle CRM Technical Foundation Version 12.1.3 Oracle Applications Framework Version 11.5.10.2 Oracle Applications Framework Version 12.0.6 Oracle Applications Framework Version 12.1.3 Oracle Applications Technology Stack Version 11.5.10.2 Oracle Applications Technology Stack Version 12.0.6 Oracle Applications Technology Stack Version 12.1.3 Enterprise Manager for Oracle Database Version 10.2.0.4 Enterprise Manager for Oracle Database Version 10.2.0.4; 10.2.0.5 Enterprise Manager for Oracle Database Version 10.2.0.5 Enterprise Manager for Oracle Database Version 11.1.0.1; EM DB Control: 10.2.0.3 Enterprise Manager for Oracle Database Version 11.1.0.1; EM DB Control: 11.1.0.7 Enterprise Manager for Oracle Database Version 11.1.0.7 Enterprise Manager for Oracle Database Version 11.2.0.2 Enterprise Manager for Oracle Database Version 11.2.0.3 Enterprise Manager for Oracle Database Version 11.2.0.3; EM Plugin for DB: 12.1.0.1 Enterprise Manager for Oracle Database Version 11.2.0.3;EM Plugin for DB: 12.1.0.2 Enterprise Manager for Oracle Database Version 12.1.0.1; EM DB Control: 11.1.0.7 Enterprise Manager for Oracle Database Version 12.1.0.2 Enterprise Manager for Oracle Database Version EM Base Platform: 10.2.0.5 Enterprise Manager for Oracle Database Version EM Base Platform: 11.1.0.1 Enterprise Manager for Oracle Database Version EM Plugin for DB: 12.1.0.1 Enterprise Manager Base Platform Version 10.2.0.4 Enterprise Manager Base Platform Version 10.2.0.5 Enterprise Manager Base Platform Version 11.1.0.1; EM DB Control: 11.1.0.7 Enterprise Manager Base Platform Version 11.1.0.7 Enterprise Manager Base Platform Version 11.2.0.2 Enterprise Manager Base Platform Version 11.2.0.3 Enterprise Manager Base Platform Version 11.2.0.3;EM Plugin for DB 12.1.0.1 Enterprise Manager Base Platform Version EM Base Platform 10.2.0.5;EM DB Control: 11.1.0.7 Enterprise Manager Base Platform Version EM Base Platform: 10.2.0.5 Enterprise Manager Base Platform Version EM Base Platform: 10.2.0.5; EM DB Control: 10.2.0.3 APM - Application Performance Management Version 11.1 APM - Application Performance Management Version 12.1.0.2 APM - Application Performance Management Version 6.5 Oracle Help Technologies Version - Oracle Outside In Technology Version 8.3.7 Oracle Outside In Technology Version 8.4 Oracle Weblogic Server Version 10.0.2 Oracle Weblogic Server Version 10.3.5 Oracle Weblogic Server Version 10.3.6 Oracle Weblogic Server Version 12.1.1 Oracle Weblogic Server Version 9.2.4 Oracle Access Manager Version 10.1.4.3.0 Oracle Access Manager Version 11.1.1.5.0 Oracle Access Manager Version 11.1.2.0.0 Oracle GoldenGate Veridata Version 3.0.0.11.0 Management Pack for Oracle GoldenGate Version 11.1.1.1.0 JD Edwards EnterpriseOne Tools Version 24 JD Edwards EnterpriseOne Tools Version 8.98 JD Edwards EnterpriseOne Tools Version 9.1 MySQL Server Version 5.1.28 and earlier MySQL Server Version 5.1.65 and earlier MySQL Server Version 5.1.66 and earlier MySQL Server Version 5.5.27 and earlier MySQL Server Version 5.5.28 and earlier PeopleSoft Enterprise HRMS Candidate Gateway Version 9.0 PeopleSoft Enterprise HRMS Candidate Gateway Version 9.1 PeopleSoft Enterprise HRMS Human Resources Version 9.1 PeopleSoft Enterprise PT PeopleTools Version 8.51 PeopleSoft Enterprise PT PeopleTools Version 8.52 Siebel Apps - Multichannel Technologies Version 8.1.1 Siebel Apps - Multichannel Technologies Version 8.2.2 Siebel Core - Server Infrastructure Version 8.1.1 Siebel Core - Server Infrastructure Version 8.2.2 Siebel Core - Server OM Svcs Version 8.1.1 Siebel Core - Server OM Svcs Version 8.2.2 Siebel UI Framework Version 8.1.1 Siebel UI Framework Version 8.2.2 Siebel Calendar Version 8.1.1 Siebel Calendar Version 8.2.2 Solaris Operating System Version 10 Solaris Operating System Version 11 Solaris Operating System Version 9 Sun Storage Common Array Manager (CAM) Version 6.9.0 Oracle Agile PLM Framework Version 9.3.1.1 Oracle VM VirtualBox Version 4.0 Oracle VM VirtualBox Version 4.1 Oracle VM VirtualBox Version 4.2 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2011-5035 P-5242V-9.2.4 P-5242V-10.0.2 P-5242V-10.3.5 P-5242V-10.3.6 P-5242V-12.1.1 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5242V-9.2.4 P-5242V-10.0.2 P-5242V-10.3.5 P-5242V-10.3.6 P-5242V-12.1.1 Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-0022 P-5758V-3.0.0.11.0 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5758V-3.0.0.11.0 Vulnerability in the Management Pack for Oracle GoldenGate component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 11.1.1.1.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Management Pack for Oracle GoldenGate. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P+). Fix has been released CVE-2012-0022 P-5759V-11.1.1.1.0 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5759V-11.1.1.1.0 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Install/smpatch). The supported version that is affected is 10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. CVSS Base Score 3.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:N). Fix has been released CVE-2012-0569 P-10006V-10 3.3 AV:L/AC:M/Au:N/C:P/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-10006V-10 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-0572 P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-0574 P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-0578 P-8478V-5.5.28 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.5.28 and earlier Vulnerability in the Oracle Application Server Single Sign-On component of Oracle Fusion Middleware (subcomponent: None). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Server Single Sign-On accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-1677 P-949V-- 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-949V-- Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 8.98, 9.1 and 24. Difficult to exploit vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1678 P-4781V-8.98 P-4781V-9.1 P-4781V-24 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-4781V-8.98 P-4781V-9.1 P-4781V-24 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Apps - Multi-channel Technologies). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1680 P-8975V-8.1.1 P-8975V-8.2.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8975V-8.1.1 P-8975V-8.2.2 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2012-1700 P-9011V-8.1.1 P-9011V-8.2.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9011V-8.1.1 P-9011V-8.2.2 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Highly Interactive Web UI). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2012-1701 P-9011V-8.1.1 P-9011V-8.2.2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9011V-8.1.1 P-9011V-8.2.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-1702 P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-1705 P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleBooks - PSOL). The supported version that is affected is 8.51. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-1755 P-5085V-8.51 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5085V-8.51 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Core - Server Infrastructure). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Fix has been released CVE-2012-3168 P-9004V-8.1.1 P-9004V-8.2.2 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9004V-8.1.1 P-9004V-8.2.2 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Core - Server Infrastructure). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP . Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3169 P-9004V-8.1.1 P-9004V-8.2.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9004V-8.1.1 P-9004V-8.2.2 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Core - Server Infrastructure). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3170 P-9004V-8.1.1 P-9004V-8.2.2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9004V-8.1.1 P-9004V-8.2.2 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Apps - Multi-channel Technologies). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Fix has been released CVE-2012-3172 P-8975V-8.1.1 P-8975V-8.2.2 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8975V-8.1.1 P-8975V-8.2.2 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2012-3178 P-10006V-11 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-10006V-11 Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: UWQ Server Issues). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Universal Work Queue accessible data as well as read access to all Oracle Universal Work Queue accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2012-3190 P-778V-11.5.10.2 P-778V-12.0.6 P-778V-12.1.1 P-778V-12.1.2 P-778V-12.1.3 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-778V-11.5.10.2 P-778V-12.0.6 P-778V-12.1.1 P-778V-12.1.2 P-778V-12.1.3 Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: RTE - Rich Text Editor). Supported versions that are affected are 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). Fix has been released CVE-2012-3192 P-5085V-8.51 P-5085V-8.52 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5085V-8.51 P-5085V-8.52 Vulnerability in the Human Resources component of Oracle E-Business Suite (subcomponent: Security Groups). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Human Resources accessible data as well as read access to a subset of Human Resources accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2012-3218 P-510V-11.5.10.2 P-510V-12.0.6 P-510V-12.1.3 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-510V-11.5.10.2 P-510V-12.0.6 P-510V-12.1.3 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Storage Management). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3; EM Plugin for DB: 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-3219 P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 10.2.0.3 P-1366V-10.2.0.4 P-1366V-10.2.0.5 P-1366V-11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3; EM Plugin for DB: 12.1.0.1 P-1366V-12.1.0.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 10.2.0.3 P-1366V-10.2.0.4 P-1366V-10.2.0.5 P-1366V-11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3; EM Plugin for DB: 12.1.0.1 P-1366V-12.1.0.2 Vulnerability in the Spatial component of Oracle Database Server. This vulnerability requires Create Table privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Fix has been released CVE-2012-3220 P-619V-10.2.0.3 P-619V-10.2.0.4 P-619V-10.2.0.5 P-619V-11.1.0.7 P-619V-11.2.0.2 P-619V-11.2.0.3 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-619V-10.2.0.3 P-619V-10.2.0.4 P-619V-10.2.0.5 P-619V-11.1.0.7 P-619V-11.2.0.2 P-619V-11.2.0.3 Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.51 and 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-5059 P-5085V-8.51 P-5085V-8.52 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5085V-8.51 P-5085V-8.52 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.1.65 and earlier and 5.5.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2012-5060 P-8478V-5.1.65 and earlier P-8478V-5.5.27 and earlier 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.65 and earlier P-8478V-5.5.27 and earlier Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: User Interface Framework). Supported versions that are affected are EM Base Platform: 10.2.0.5; EM DB Control: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-5062 P-1370V-EM Base Platform: 10.2.0.5; EM DB Control: 10.2.0.3 P-1370V-10.2.0.4 P-1370V-10.2.0.5 P-1370V-11.1.0.7 P-1370V-11.2.0.2 P-1370V-11.2.0.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1370V-EM Base Platform: 10.2.0.5; EM DB Control: 10.2.0.3 P-1370V-10.2.0.4 P-1370V-10.2.0.5 P-1370V-11.1.0.7 P-1370V-11.2.0.2 P-1370V-11.2.0.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2012-5096 P-8478V-5.5.28 and earlier 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.5.28 and earlier Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: OAM Webgate). Supported versions that are affected are 10.1.4.3.0, 11.1.1.5.0 and 11.1.2.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2012-5097 P-5565V-10.1.4.3.0 P-5565V-11.1.1.5.0 P-5565V-11.1.2.0.0 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5565V-10.1.4.3.0 P-5565V-11.1.1.5.0 P-5565V-11.1.2.0.0 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Fix has been released CVE-2012-5611 P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). Fix has been released CVE-2012-5612 P-8478V-5.5.28 and earlier 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.5.28 and earlier Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, EM Plugin for DB: 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0352 P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 10.2.0.3 P-1366V-10.2.0.4; 10.2.0.5 P-1366V-11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3 P-1366V-EM Plugin for DB: 12.1.0.1 P-1366V-12.1.0.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 10.2.0.3 P-1366V-10.2.0.4; 10.2.0.5 P-1366V-11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3 P-1366V-EM Plugin for DB: 12.1.0.1 P-1366V-12.1.0.2 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Enterprise Configuration Management). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 11.1.0.7, 11.2.0.2 and 11.2.0.3; EM Plugin for DB 12.1.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0353 P-1370V-EM Base Platform: 10.2.0.5 P-1370V-11.1.0.1; EM DB Control: 11.1.0.7 P-1370V-11.2.0.2 P-1370V-11.2.0.3;EM Plugin for DB 12.1.0.1 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1370V-EM Base Platform: 10.2.0.5 P-1370V-11.1.0.1; EM DB Control: 11.1.0.7 P-1370V-11.2.0.2 P-1370V-11.2.0.3;EM Plugin for DB 12.1.0.1 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Policy Framework). Supported versions that are affected are EM Base Platform 10.2.0.5; EM DB Control: 11.1.0.7, 11.2.0.2 and 11.2.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0354 P-1370V-EM Base Platform 10.2.0.5;EM DB Control: 11.1.0.7 P-1370V-11.2.0.2 P-1370V-11.2.0.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1370V-EM Base Platform 10.2.0.5;EM DB Control: 11.1.0.7 P-1370V-11.2.0.2 P-1370V-11.2.0.3 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Distributed/Cross DB Features). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 11.1.0.7, 11.2.0.2 and 11.2.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0355 P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3 Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.51 and 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0356 P-5085V-8.51 P-5085V-8.52 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5085V-8.51 P-5085V-8.52 Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). The supported version that is affected is 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0357 P-5085V-8.52 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5085V-8.52 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Resource Manager). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3; EM Plugin for DB: 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0358 P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 10.2.0.3 P-1366V-10.2.0.4 P-1366V-10.2.0.5 P-1366V-11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3; EM Plugin for DB: 12.1.0.1 P-1366V-12.1.0.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 10.2.0.3 P-1366V-10.2.0.4 P-1366V-10.2.0.5 P-1366V-11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3; EM Plugin for DB: 12.1.0.1 P-1366V-12.1.0.2 Vulnerability in the APM - Application Performance Management component of Oracle Enterprise Manager Grid Control (subcomponent: Business Transaction Management). Supported versions that are affected are 6.5, 11.1 and 12.1.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of APM - Application Performance Management possibly including arbitrary code execution within the APM - Application Performance Management. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:P+). Fix has been released CVE-2013-0359 P-9572V-6.5 P-9572V-11.1 P-9572V-12.1.0.2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9572V-6.5 P-9572V-11.1 P-9572V-12.1.0.2 Vulnerability in the APM - Application Performance Management component of Oracle Enterprise Manager Grid Control (subcomponent: Business Transaction Management). Supported versions that are affected are 6.5, 11.1 and 12.1.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all APM - Application Performance Management accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P+/A:N). Fix has been released CVE-2013-0360 P-9572V-6.5 P-9572V-11.1 P-9572V-12.1.0.2 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9572V-6.5 P-9572V-11.1 P-9572V-12.1.0.2 Vulnerability in the Mobile Server component of Oracle Database Mobile/Lite Server. Supported versions that are affected are 10.3.0.3 and 11.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2013-0361 P-9620V-10.3.0.3 P-9620V-11.1.0.0 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9620V-10.3.0.3 P-9620V-11.1.0.0 Vulnerability in the Mobile Server component of Oracle Database Mobile/Lite Server. Supported versions that are affected are 10.3.0.3 and 11.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. Note: Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g. CVSS Base Score 7.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). Fix has been released CVE-2013-0362 P-9620V-10.3.0.3 P-9620V-11.1.0.0 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9620V-10.3.0.3 P-9620V-11.1.0.0 Vulnerability in the Mobile Server component of Oracle Database Mobile/Lite Server. Supported versions that are affected are 10.3.0.3 and 11.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. Note: Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g. CVSS Base Score 7.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). Fix has been released CVE-2013-0363 P-9620V-10.3.0.3 P-9620V-11.1.0.0 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9620V-10.3.0.3 P-9620V-11.1.0.0 Vulnerability in the Mobile Server component of Oracle Database Mobile/Lite Server. Supported versions that are affected are 10.3.0.3 and 11.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. Note: Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g. CVSS Base Score 7.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). Fix has been released CVE-2013-0364 P-9620V-10.3.0.3 P-9620V-11.1.0.0 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9620V-10.3.0.3 P-9620V-11.1.0.0 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Security). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). Fix has been released CVE-2013-0365 P-9006V-8.1.1 P-9006V-8.2.2 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9006V-8.1.1 P-9006V-8.2.2 Vulnerability in the Mobile Server component of Oracle Database Mobile/Lite Server. Supported versions that are affected are 10.3.0.3 and 11.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Fix has been released CVE-2013-0366 P-9620V-10.3.0.3 P-9620V-11.1.0.0 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9620V-10.3.0.3 P-9620V-11.1.0.0 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2013-0367 P-8478V-5.5.28 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.5.28 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2013-0368 P-8478V-5.5.28 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.5.28 and earlier Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data as well as read access to a subset of PeopleSoft PeopleTools accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2013-0369 P-5085V-8.51 P-5085V-8.52 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5085V-8.51 P-5085V-8.52 Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: Security). The supported version that is affected is 9.3.1.1. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM Framework accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). Fix has been released CVE-2013-0370 P-4461V-9.3.1.1 2.1 AV:N/AC:H/Au:S/C:P/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-4461V-9.3.1.1 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P+). Fix has been released CVE-2013-0371 P-8478V-5.5.28 and earlier 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.5.28 and earlier Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Distributed/Cross DB Features). Supported versions that are affected are EM Base Platform: 11.1.0.1, 12.1.0.1; EM DB Control: 11.1.0.7, 11.2.0.2 and 11.2.0.3; EM Plugin for DB: 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0372 P-1366V-EM Base Platform: 11.1.0.1 P-1366V-12.1.0.1; EM DB Control: 11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3;EM Plugin for DB: 12.1.0.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1366V-EM Base Platform: 11.1.0.1 P-1366V-12.1.0.1; EM DB Control: 11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3;EM Plugin for DB: 12.1.0.2 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Distributed/Cross DB Features). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3; EM Plugin for DB: 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0373 P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 10.2.0.3 P-1366V-10.2.0.4 P-1366V-10.2.0.5 P-1366V-11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3; EM Plugin for DB: 12.1.0.1 P-1366V-12.1.0.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 10.2.0.3 P-1366V-10.2.0.4 P-1366V-10.2.0.5 P-1366V-11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3; EM Plugin for DB: 12.1.0.1 P-1366V-12.1.0.2 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Database Cloning). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3; EM Plugin for DB: 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0374 P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 10.2.0.3 P-1366V-10.2.0.4 P-1366V-10.2.0.5 P-1366V-11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3; EM Plugin for DB: 12.1.0.1 P-1366V-12.1.0.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1366V-EM Base Platform: 10.2.0.5 P-1366V-11.1.0.1; EM DB Control: 10.2.0.3 P-1366V-10.2.0.4 P-1366V-10.2.0.5 P-1366V-11.1.0.7 P-1366V-11.2.0.2 P-1366V-11.2.0.3; EM Plugin for DB: 12.1.0.1 P-1366V-12.1.0.2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all MySQL Server accessible data as well as read access to all MySQL Server accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P+/I:P+/A:N). Fix has been released CVE-2013-0375 P-8478V-5.1.66 and earlier P-8478V-5.1.28 and earlier 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.66 and earlier P-8478V-5.1.28 and earlier Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0376 P-1472V-11.5.10.2 P-1472V-12.0.6 P-1472V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1472V-11.5.10.2 P-1472V-12.0.6 P-1472V-12.1.3 Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Client System Analyzer). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Technology Stack accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0377 P-1745V-11.5.10.2 P-1745V-12.0.6 P-1745V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1745V-11.5.10.2 P-1745V-12.0.6 P-1745V-12.1.3 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Calendar). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0378 P-9747V-8.1.1 P-9747V-8.2.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9747V-8.1.1 P-9747V-8.2.2 Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Calendar). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0379 P-9747V-8.1.1 P-9747V-8.2.2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9747V-8.1.1 P-9747V-8.2.2 Vulnerability in the Oracle Payroll component of Oracle E-Business Suite (subcomponent: View Payslip). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Payroll accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0380 P-506V-11.5.10.2 P-506V-12.0.6 P-506V-12.1.1 P-506V-12.1.2 P-506V-12.1.3 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-506V-11.5.10.2 P-506V-12.0.6 P-506V-12.1.1 P-506V-12.1.2 P-506V-12.1.3 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Application Framework). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2013-0381 P-1199V-11.5.10.2 P-1199V-12.0.6 P-1199V-12.1.3 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1199V-11.5.10.2 P-1199V-12.0.6 P-1199V-12.1.3 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Campaign Management). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Marketing accessible data as well as read access to all Oracle Marketing accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P+/I:P+/A:N). Fix has been released CVE-2013-0382 P-229V-11.5.10.2 P-229V-12.0.6 P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-229V-11.5.10.2 P-229V-12.0.6 P-229V-12.1.1 P-229V-12.1.2 P-229V-12.1.3 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). Fix has been released CVE-2013-0383 P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2013-0384 P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location. CVSS Base Score 6.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:N). Oracle Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:N). Fix has been released CVE-2013-0385 P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier 6.6 AV:L/AC:L/Au:N/C:C/I:C/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2013-0386 P-8478V-5.5.28 and earlier 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.5.28 and earlier Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleCode). Supported versions that are affected are 8.51 and 8.52. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data as well as read access to a subset of PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:M/C:P/I:P/A:N). Fix has been released CVE-2013-0387 P-5085V-8.51 P-5085V-8.52 4.3 AV:N/AC:M/Au:M/C:P/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5085V-8.51 P-5085V-8.52 Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Products (subcomponent: Mobile Company Directory). The supported version that is affected is 9.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft HRMS accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0388 P-5071V-9.1 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5071V-9.1 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2013-0389 P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8478V-5.1.66 and earlier P-8478V-5.5.28 and earlier Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Bookmarkable Pages). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). Fix has been released CVE-2013-0390 P-1472V-11.5.10.2 P-1472V-12.0.6 P-1472V-12.1.3 2.1 AV:N/AC:H/Au:S/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1472V-11.5.10.2 P-1472V-12.0.6 P-1472V-12.1.3 Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data as well as read access to a subset of PeopleSoft PeopleTools accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). Fix has been released CVE-2013-0391 P-5085V-8.52 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5085V-8.52 Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.51 and 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). Fix has been released CVE-2013-0392 P-5085V-8.51 P-5085V-8.52 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5085V-8.51 P-5085V-8.52 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.7 and 8.4. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2013-0393 P-2276V-8.3.7 P-2276V-8.4 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-2276V-8.3.7 P-2276V-8.4 Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft HRMS accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-0394 P-5043V-9.0 P-5043V-9.1 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5043V-9.0 P-5043V-9.1 Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). Fix has been released CVE-2013-0395 P-5085V-8.51 P-5085V-8.52 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-5085V-8.51 P-5085V-8.52 Vulnerability in the APM - Application Performance Management component of Oracle Enterprise Manager Grid Control (subcomponent: Business Transaction Management). Supported versions that are affected are 6.5, 11.1 and 12.1.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all APM - Application Performance Management accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:P+/A:N). Fix has been released CVE-2013-0396 P-9572V-6.5 P-9572V-11.1 P-9572V-12.1.0.2 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-9572V-6.5 P-9572V-11.1 P-9572V-12.1.0.2 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data as well as read access to a subset of Oracle Applications Framework accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). Fix has been released CVE-2013-0397 P-1472V-11.5.10.2 P-1472V-12.0.6 P-1472V-12.1.3 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-1472V-11.5.10.2 P-1472V-12.0.6 P-1472V-12.1.3 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Utility/Umount). Supported versions that are affected are 9 and 10. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). Fix has been released CVE-2013-0399 P-10006V-9 P-10006V-10 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-10006V-9 P-10006V-10 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Filesystem/Cachefs). Supported versions that are affected are 9 and 10. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). Fix has been released CVE-2013-0400 P-10006V-9 P-10006V-10 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-10006V-9 P-10006V-10 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Filesystem/cachefs). Supported versions that are affected are 9 and 10. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). Fix has been released CVE-2013-0400 P-10006V-9 P-10006V-10 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-10006V-9 P-10006V-10 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/DTrace Framework). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.6 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:C). Oracle Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:C). Fix has been released CVE-2013-0407 P-10006V-10 P-10006V-11 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-10006V-10 P-10006V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Utility/ksh93). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). Oracle Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). Fix has been released CVE-2013-0414 P-10006V-11 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-10006V-11 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C). Oracle Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C). Fix has been released CVE-2013-0415 P-10006V-10 6.0 AV:L/AC:H/Au:S/C:C/I:C/A:C CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-10006V-10 Vulnerability in the Sun Storage Common Array Manager (CAM) component of Oracle Sun Products Suite (subcomponent: Fault Management System (FMS)). The supported version that is affected is 6.9.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Sun Storage Common Array Manager (CAM) accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). Fix has been released CVE-2013-0417 P-10024V-6.9.0 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-10024V-6.9.0 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.7 and 8.4. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Oracle Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). Fix has been released CVE-2013-0418 P-2276V-8.3.7 P-2276V-8.4 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-2276V-8.3.7 P-2276V-8.4 Vulnerability in the VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are 4.0, 4.1 and 4.2. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of VirtualBox as well as update, insert or delete access to some VirtualBox accessible data. CVSS Base Score 2.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:N/I:P/A:P). Oracle Vector: (AV:L/AC:H/Au:S/C:N/I:P/A:P+). Fix has been released CVE-2013-0420 P-8370V-4.0 P-8370V-4.1 P-8370V-4.2 2.4 AV:L/AC:H/Au:S/C:N/I:P/A:P CPUJan2013 Oracle customers with valid support contracts http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html P-8370V-4.0 P-8370V-4.1 P-8370V-4.2