Oracle Critical Patch Update Advisory - July 2019 - Oracle CVRF Oracle Critical Patch Update Advisory CPUJul2019 Final 2 2 2019-07-17T12:03:00-07:00 Updated affected versions for CVE-2019-2856. 2019-07-16T13:00:00-07:00 2019-07-17T12:03:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had security patches released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including security patch distribution information can be found at the Oracle sites referenced in this document. This document is published at: https://www.oracle.com/a/tech/docs/5572395.xml https://www.oracle.com/security-alerts/cpujul2019-5072835.html URL to html version of Advisory 162187647 162187647 Narendra Singh Abbas Mamoun Abbas Mamoun Abid Gul Shahid Abid Gul Shahid Alexander Kornbrust Red Database Security Andrej Simko Accenture Andrej Simko of Accenture working with iDefense Labs Andres Georgieff Sandia National Laboratories Andrzej Dyjak sigsegv.pl Anonymous researcher working with Trend Micro's Zero Day Initiative Anthony Laou Hine Tsuei working with Trend Micro Zero Day Initiative Bartlomiej Bergier Bibek Shah Bibek Shah Brian Healy Sandia National Laboratories Cornelius Aschermann Ruhr-University Bochum Dasari Narendra Dasari Narendra Devin Rosenbauer Identity Works LLC Ephem Ephem Fabio Pires NCC Group Gaston Traberg Onapsis George R Giuseppino Cadeddu Quantum Leap Hanno Böck Hanno Böck Harold Fang Harold Fang Jan Kopriva Alef Nula Jason Matthyser of MWR Labs working with Trend Micro Zero Day Initiative Jayson Grace Sandia National Laboratories Jonathan Birch Microsoft Corp. Jonathan Leitschuh Jonathan Leitschuh Juraj Somorovsky Ruhr-University Bochum Kamlapati Choubey of Trend Micro working with Trend Micro's Zero Day Initiative Keegan Ryan NCC Group Lionel Debroux Lionel Debroux Luca Moro of Synacktiv Lucas Dinucci Lucas Dinucci Lukasz Mikula LUKASZ MIKULA Manuel Rigger Eth Zurich Marcin Wołoszyn ING Services Polska Markus Wulftange of Code White GmbH Martin Doyhenard Onapsis Mateusz Jurczyk of Google Project Zero Mathew Nash NCC Group Matthias Kaiser of Apple Information Security Minle Chen PingAn Galaxy Lab Mirza Burhan Baig Dig8Labs Nati Nimni Microsoft Corp. Naveen Kumar Nimrod Aviram Nimrod Aviram Or Hanuka Motorola Solutions Patrick Samuel Patrick Samuel Peter Dettman cryptoworkshop.com Raju Mogulapalli of Rheem Manufacturing Robert Merget of Ruhr-University Bochum Sarath Nair Sarath Nair Sergej Schumilo Ruhr-University Bochum Simon Worner Steven Seeley of Source Incite working with iDefense Suhas Nayak Suhas Nayak Tilman Hausherr Tzachy Horesh Motorola Solutions Ubais PK Ubais PK Vahagn Vardanyan Vahagn Vardanyan Vladimir Egorov Vladimir Egorov Wai Yan Aung William Bonnaventure University of Luxembourg Huyna of Viettel Cyber Security working with Trend Micro Zero Day Initiative lofiboy of VinCSS (Vingroup) working with Trend Micro Zero Day Initiative rgod of 9sg Security Team working with Trend Micro's Zero Day Initiative Berkeley DB Version 12.1.6.1.23 Berkeley DB Version 12.1.6.1.26 Berkeley DB Version 12.1.6.1.29 Berkeley DB Version 12.1.6.1.36 Berkeley DB Version 12.1.6.2.23 Berkeley DB Version 12.1.6.2.32 Communications Converged Application Server Version 5.1 Communications Converged Application Server Version 7.0 Communications Converged Application Server Version 7.1 Communications Converged Application Server - Service Controller Version 6.0 Communications Converged Application Server - Service Controller Version 6.1 Communications Interactive Session Recorder Version 6.0 Communications Interactive Session Recorder Version 6.1 Communications Interactive Session Recorder Version 6.2 Communications EAGLE (Software) Version 46.5 Communications EAGLE (Software) Version 46.6 Communications EAGLE (Software) Version 46.7 Communications Application Session Controller Version 3.7.1 Communications Application Session Controller Version 3.8.0 Communications Diameter Signaling Router (DSR) Version 8.0 Communications Diameter Signaling Router (DSR) Version 8.1 Communications Diameter Signaling Router (DSR) Version 8.2 Communications Diameter Signaling Router (DSR) Version 8.3 Primavera Analytics Version 18.8 Primavera Unifier Version 16.1 Primavera Unifier Version 16.2 Primavera Unifier Version 17.7-17.12 Primavera Unifier Version 18.8 Instantis EnterpriseTrack Version 17.1 Instantis EnterpriseTrack Version 17.2 Instantis EnterpriseTrack Version 17.3 Primavera Gateway Version 15.2 Primavera Gateway Version 16.2 Primavera Gateway Version 17.12 Primavera Gateway Version 18.8 Database - Enterprise Edition Version 11.2.0.4 Database - Enterprise Edition Version 12.1.0.2 Database - Enterprise Edition Version 12.2.0.1 Database - Enterprise Edition Version 18c Database - Enterprise Edition Version 19c Text Version 11.2.0.4 Text Version 12.1.0.2 Text Version 12.2.0.1 Text Version 18c Text Version 19c ODBC Driver Version 11.2.0.4 ODBC Driver Version 12.1.0.2 ODBC Driver Version 12.2.0.1 ODBC Driver Version 18c Spatial and Graph Version 12.2.0.1 Spatial and Graph Version 18c Application Express (APEX) Version 18.2 Application Express (APEX) Version 5.1 Applications Manager Version 12.1.3 Applications Manager Version 12.2.3 - 12.2.8 Payments Version 12.1.1 - 12.1.3 Payments Version 12.2.3 - 12.2.8 iSupport Version 12.1.1 - 12.1.3 iSupport Version 12.2.3 - 12.2.8 Application Object Library Version 12.1.3 Application Object Library Version 12.2.3 - 12.2.8 Field Service Version 12.1.1 - 12.1.3 Field Service Version 12.2.3 - 12.2.8 iRecruitment Version 12.1.1 - 12.1.3 iRecruitment Version 12.2.3 - 12.2.8 CRM Technical Foundation Version 12.1.3 CRM Technical Foundation Version 12.2.3 - 12.2.8 One-to-One Fulfillment Version 12.1.1 - 12.1.3 One-to-One Fulfillment Version 12.2.3 - 12.2.8 Enterprise Manager for Fusion Middleware Version 13.2 Enterprise Manager for Fusion Middleware Version 13.3 Enterprise Manager Base Platform Version 12.1.0.5.0 Enterprise Manager Base Platform Version 13.2.0.0.0 Enterprise Manager Base Platform Version 13.3.0.0.0 Application Testing Suite Version 13.1 Application Testing Suite Version 13.2 Application Testing Suite Version 13.3 Enterprise Manager for Virtualization Version 13.1 Enterprise Manager for Virtualization Version 13.2 Enterprise Manager for Virtualization Version 13.3 Enterprise Manager Ops Center Version 12.3.3 Enterprise Manager Ops Center Version 12.4.0 Financial Services Revenue Management and Billing Version 2.4.0.0 Financial Services Revenue Management and Billing Version 2.4.0.1 Financial Services Profitability Management Version 8.0.4-8.0.7 Financial Services Funds Transfer Pricing Version 8.0.4-8.0.7 Financial Services Funds Transfer Pricing Version 8.0.6-8.0.7 Financial Services Asset Liability Management Version 8.0.4-8.0.7 Financial Services Analytical Applications Infrastructure Version 7.3.3-7.3.5 Financial Services Analytical Applications Infrastructure Version 8.0.2-8.0.8 Financial Services Analytical Applications Infrastructure Version 8.0.5-8.0.8 Financial Services Analytical Applications Reconciliation Framework Version 8.0.4-8.0.7 Financial Services Price Creation and Discovery Version 8.0.4-8.0.7 FLEXCUBE Universal Banking Version 12.0.1-12.0.3 FLEXCUBE Universal Banking Version 12.1.0 FLEXCUBE Universal Banking Version 12.1.0-12.4.0 FLEXCUBE Universal Banking Version 14.0.0-14.2.0 Financial Services Liquidity Risk Management Version 8.0.1 Financial Services Liquidity Risk Management Version 8.0.2 Financial Services Liquidity Risk Management Version 8.0.4 Financial Services Liquidity Risk Management Version 8.0.5 Financial Services Liquidity Risk Management Version 8.0.6 FLEXCUBE Investor Servicing Version 12.0.1 FLEXCUBE Investor Servicing Version 12.0.3 FLEXCUBE Investor Servicing Version 12.0.4 FLEXCUBE Investor Servicing Version 12.1.0 FLEXCUBE Investor Servicing Version 12.3.0 FLEXCUBE Investor Servicing Version 12.4.0 FLEXCUBE Investor Servicing Version 14.0.0 FLEXCUBE Investor Servicing Version 14.1.0 FLEXCUBE Enterprise Limits and Collateral Management Version 12.0 FLEXCUBE Enterprise Limits and Collateral Management Version 12.1 FLEXCUBE Core Banking Version 11.6.0 FLEXCUBE Core Banking Version 11.7.0 FLEXCUBE Core Banking Version 11.8.0 FLEXCUBE Core Banking Version 5.2.0 FLEXCUBE Private Banking Version 12.0.1 FLEXCUBE Private Banking Version 12.0.3 FLEXCUBE Private Banking Version 12.1.0 Banking Platform Version 2.4.0-2.7.1 Financial Services Data Foundation Version 8.0.4-8.0.8 Financial Services Hedge Management and IFRS Valuations Version 8.0.4-8.0.7 Financial Services Basel Regulatory Capital Internal Ratings Based Approach Version 8.0.4-8.0.7 Financial Services Loan Loss Forecasting and Provisioning Version 8.0.2-8.0.7 Financial Services Basel Regulatory Capital Basic Version 8.0.4-8.0.7 Insurance Data Foundation Version 8.0.4-8.0.7 Financial Services Retail Customer Analytics Version 8.0.4-8.0.6 Financial Services Institutional Performance Analytics Version 8.0.4-8.0.7 Insurance Performance Insight Version 8.0.7 Financial Services Data Integration Hub Version 8.0.5-8.0.7 Financial Services - Regulatory Reporting for Reserve Bank of India - Lombard Risk Integration Pack Version 8.0.7 Financial Services - Regulatory Reporting for US Federal Reserve - Lombard Risk Integration Pack Version 8.0.4-8.0.7 Financial Services Regulatory Reporting for US Federal Reserve Version 8.0.4-8.0.7 Financial Services Market Risk Measurement and Management Version 8.0.5 Financial Services Market Risk Measurement and Management Version 8.0.6 Financial Services Market Risk Measurement and Management Version 8.0.8 Financial Services Regulatory Reporting for European Banking Authority Version 8.0.6 Financial Services Regulatory Reporting for European Banking Authority Version 8.0.7 Financial Services Regulatory Reporting for European Banking Authority - Integration Pack for Lombard Risk Version 8.0.6 Financial Services Regulatory Reporting for European Banking Authority - Integration Pack for Lombard Risk Version 8.0.7 Financial Services Liquidity Risk Measurement and Management Version 8.0.7 Financial Services Liquidity Risk Measurement and Management Version 8.0.8 Insurance Accounting Analyzer Version 8.0.6 Insurance Accounting Analyzer Version 8.0.7 Insurance Allocation Manager for Enterprise Profitability Version 8.0.8 Hospitality Simphony Version 18.2.1 Hospitality Gift and Loyalty Version 9.0.0 Hospitality Gift and Loyalty Version 9.1.0 Security Service Version 11.1.1.9.0 Security Service Version 12.1.3.0.0 Security Service Version 12.2.1.3.0 HTTP Server Version 12.1.3.0.0 HTTP Server Version 12.2.1.3.0 SOA Suite Version 12.2.1.3.0 BI Publisher (formerly XML Publisher) Version 11.1.1.9.0 BI Publisher (formerly XML Publisher) Version 12.2.1.3.0 BI Publisher (formerly XML Publisher) Version 12.2.1.4.0 Identity Manager Version 11.1.2.3.0 Identity Manager Version 12.2.1.3.0 Business Intelligence Enterprise Edition Version 11.1.1.9.0 Business Intelligence Enterprise Edition Version 12.2.1.4.0 Data Integrator Version 12.2.1.3.0 Outside In Technology Version 8.5.4 WebLogic Server Version 10.3.6.0.0 WebLogic Server Version 12.1.3.0.0 WebLogic Server Version 12.2.1.3.0 Enterprise Repository Version 12.1.3.0.0 WebCenter Sites Version 12.2.1.3.0 Endeca Server Version 7.7.0 Endeca Information Discovery Integrator Version 3.2.0 Global Lifecycle Management OPatchAuto Version Prior to 12.2.0.1.14 GraalVM Enterprise Edition Version 19.0.0 Hospitality Guest Access Version 4.2 Hospitality Guest Access Version 4.2.1 Hospitality Suite8 Version 8.10.2 Hospitality Suite8 Version 8.11-8.14 Hospitality Suite8 Version 8.9.6 Hyperion BI+ Version 11.1.2.4 Hyperion Planning Version 11.1.2.4 Insurance Policy Administration J2EE Version 10.0 Insurance Policy Administration J2EE Version 10.1 Insurance Policy Administration J2EE Version 10.2 Insurance Policy Administration J2EE Version 11.0 Insurance Rules Palette Version 10.0 Insurance Rules Palette Version 10.1 Insurance Rules Palette Version 10.2 Insurance Rules Palette Version 11.0 Insurance Calculation Engine Version 10.0 Insurance Calculation Engine Version 10.1 Insurance Calculation Engine Version 10.2 Insurance Calculation Engine Version 9.7 JD Edwards EnterpriseOne Tools Version 9.2 JD Edwards World Security Version A9.3 JD Edwards World Security Version A9.3.1 JD Edwards World Security Version A9.4 Java SE JDK and JRE Version 11.0.3 Java SE JDK and JRE Version 12.0.1 Java SE JDK and JRE Version 12.0.1; Java SE Embedded: 8u211 Java SE JDK and JRE Version 8u212 Java SE JDK and JRE Version Java SE: 11.0.3 Java SE JDK and JRE Version Java SE: 7u221 Java SE JDK and JRE Version Java SE: 8u212 MySQL Workbench Version 8.0.16 and prior MySQL Server Version 5.6.44 and prior MySQL Server Version 5.7.18 and prior MySQL Server Version 5.7.23 and prior MySQL Server Version 5.7.25 and prior MySQL Server Version 5.7.26 and prior MySQL Server Version 8.0.12 and prior MySQL Server Version 8.0.15 and prior MySQL Server Version 8.0.16 and prior MySQL Enterprise Monitor Version 4.0.9 and prior MySQL Enterprise Monitor Version 8.0.14 and prior PeopleSoft Enterprise FIN Project Costing Version 9.2 PeopleSoft Enterprise PT PeopleTools Version 8.55 PeopleSoft Enterprise PT PeopleTools Version 8.56 PeopleSoft Enterprise PT PeopleTools Version 8.57 Retail Advanced Inventory Planning Version 15.0 Retail Integration Bus Version 15.0 Retail Integration Bus Version 16.0 Retail Predictive Application Server Version 14.0.3.26 Retail Predictive Application Server Version 14.1.3.37 Retail Predictive Application Server Version 15.0.3.100 Retail Financial Integration Version 14.0 Retail Financial Integration Version 14.1 Retail Financial Integration Version 15.0 Retail Financial Integration Version 16.0 Retail Service Backbone Version 16.0.1 XBRi Cloud Service Version 10.8.0 - 10.8.3 Retail Xstore Point of Service Version 15.0 Retail Xstore Point of Service Version 16.0 Retail Xstore Point of Service Version 17.0 Retail Xstore Point of Service Version 18.0 Retail Xstore Point of Service Version 7.0 Retail Xstore Point of Service Version 7.1 Retail Order Management System Cloud Service Version 5.0 Retail Order Broker Cloud Service Version 15.0 Retail Order Broker Cloud Service Version 5.2 Retail Xstore Office Version 7.0 Retail Xstore Office Version 7.1 MICROS Retail-J Version 12.1.0 MICROS Retail-J Version 12.1.1 MICROS Retail-J Version 12.1.2 MICROS Retail-J Version 13.1 Retail Customer Management and Segmentation Foundation Version 16.0 Retail Customer Management and Segmentation Foundation Version 17.0 Retail Customer Management and Segmentation Foundation Version 18.0 Siebel Core - Server Framework Version 19.0 and prior Siebel UI Framework Version 19.0 and prior Siebel Core - Common Components Version 19.0 and prior Transportation Management Version 6.3.7 Demantra Demand Management Version 7.3.1.5.2 Agile Engineering Data Management Version 6.2.0 Agile Engineering Data Management Version 6.2.1 Agile PLM Framework Version 9.3.3 Agile PLM Framework Version 9.3.4 Agile PLM Framework Version 9.3.5 Agile PLM Framework Version 9.3.6 OSS Support Tools Version 19.2 OSS Support Tools Version Prior to 2.12.36 Solaris Operating System Version 10 Solaris Operating System Version 11.3 Solaris Operating System Version 11.4 Sun ZFS Storage Appliance Kit (AK) Software Version 8.8.3 Tape General STA - StorageTek Tape Analytics SW Tool Version 2.3.0 Tape Virtual VSM GUI - Virtual Storage Manager GUI Version 6.2 Utilities Framework Version 4.3.0.2.0-4.3.0.6.0 Utilities Framework Version 4.4.0.0.0 Utilities Advanced Spatial and Operational Analytics Version 2.7.0.1 VM VirtualBox Version Prior to 5.2.32 VM VirtualBox Version prior to 6.0.10 Vulnerability in the Oracle Insurance IFRS 17 Analyzer product of Oracle Financial Services Applications (component: UI (Beanutils)). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance IFRS 17 Analyzer. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance IFRS 17 Analyzer accessible data as well as unauthorized read access to a subset of Oracle Insurance IFRS 17 Analyzer accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Insurance IFRS 17 Analyzer. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2014-0114 P-13809V-8.0.6 P-13809V-8.0.7 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13809V-8.0.6 P-13809V-8.0.7 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (Apache WSS4J)). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2015-0226 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security (jQuery)). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2015-9251 P-2025V-11.1.1.9.0 P-2025V-12.2.1.4.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2025V-11.1.1.9.0 P-2025V-12.2.1.4.0 Vulnerability in the Oracle Communications Application Session Controller product of Oracle Communications (component: Security (jQuery)). Supported versions that are affected are 3.7.1 and 3.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Application Session Controller. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Application Session Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Application Session Controller accessible data as well as unauthorized read access to a subset of Oracle Communications Application Session Controller accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2015-9251 P-10769V-3.7.1 P-10769V-3.8.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10769V-3.7.1 P-10769V-3.8.0 Vulnerability in the Diagnostic Assistant product of Oracle Support Tools (component: Libraries (Jsch and jQuery)). The supported version that is affected is Prior to 2.12.36. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Diagnostic Assistant. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Diagnostic Assistant, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Diagnostic Assistant accessible data as well as unauthorized read access to a subset of Diagnostic Assistant accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2015-9251 P-1330V-Prior to 2.12.36 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1330V-Prior to 2.12.36 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core (jQuery)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2015-9251 P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation Issues (Apache Commons FileUpload)). Supported versions that are affected are 6.2.0 and 6.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in takeover of Oracle Agile Engineering Data Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-4436V-6.2.0 P-4436V-6.2.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4436V-6.2.0 P-4436V-6.2.1 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Commons FileUpload)). Supported versions that are affected are 13.1, 13.2 and 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-4622V-13.1 P-4622V-13.2 P-4622V-13.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4622V-13.1 P-4622V-13.2 P-4622V-13.3 Vulnerability in the Oracle Communications Application Session Controller product of Oracle Communications (component: Security (Apache Commons FileUpload)). Supported versions that are affected are 3.7.1 and 3.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Application Session Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Application Session Controller. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-10769V-3.7.1 P-10769V-3.8.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10769V-3.7.1 P-10769V-3.8.0 Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Securities (Apache Commons FileUpload)). Supported versions that are affected are 5.2.0, 11.6.0, 11.7.0 and 11.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Core Banking. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-9101V-5.2.0 P-9101V-11.6.0 P-9101V-11.7.0 P-9101V-11.8.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9101V-5.2.0 P-9101V-11.6.0 P-9101V-11.7.0 P-9101V-11.8.0 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons FileUpload)). Supported versions that are affected are 12.0 and 12.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-9100V-12.0 P-9100V-12.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9100V-12.0 P-9100V-12.1 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons FileUpload)). Supported versions that are affected are 12.0.1-12.0.3 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-9052V-12.0.1-12.0.3 P-9052V-12.1.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9052V-12.0.1-12.0.3 P-9052V-12.1.0 Vulnerability in the Oracle Insurance Calculation Engine product of Oracle Insurance Applications (component: Core (Apache Commons FileUpload)). Supported versions that are affected are 9.7, 10.0, 10.1 and 10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Calculation Engine. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Calculation Engine. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-10837V-9.7 P-10837V-10.0 P-10837V-10.1 P-10837V-10.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10837V-9.7 P-10837V-10.0 P-10837V-10.1 P-10837V-10.2 Vulnerability in the Oracle Insurance Policy Administration J2EE product of Oracle Insurance Applications (component: Core (Apache Commons FileUpload)). Supported versions that are affected are 10.0, 10.1, 10.2 and 11.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration J2EE. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-5279V-10.0 P-5279V-10.1 P-5279V-10.2 P-5279V-11.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5279V-10.0 P-5279V-10.1 P-5279V-10.2 P-5279V-11.0 Vulnerability in the Oracle Insurance Rules Palette product of Oracle Insurance Applications (component: Core (Apache Commons FileUpload)). Supported versions that are affected are 10.0, 10.1, 10.2 and 11.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Rules Palette. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Rules Palette. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-5288V-10.0 P-5288V-10.1 P-5288V-10.2 P-5288V-11.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5288V-10.0 P-5288V-10.1 P-5288V-10.2 P-5288V-11.0 Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Apache Commons FileUpload)). Supported versions that are affected are 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in takeover of Oracle Retail Integration Bus. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-1807V-15.0 P-1807V-16.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1807V-15.0 P-1807V-16.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-9617V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9617V-12.2.1.3.0 Vulnerability in the MICROS Retail XBRi Loss Prevention product of Oracle Retail Applications (component: Retail (Apache Commons FileUpload)). Supported versions that are affected are 10.8.0 - 10.8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail XBRi Loss Prevention. Successful attacks of this vulnerability can result in takeover of MICROS Retail XBRi Loss Prevention. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1000031 P-11506V-10.8.0 - 10.8.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11506V-10.8.0 - 10.8.3 Vulnerability in the Oracle Retail Order Management System product of Oracle Retail Applications (component: Upgrade Install (Apache Struts 1)). The supported version that is affected is 5.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Management System. Successful attacks of this vulnerability can result in takeover of Oracle Retail Order Management System. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-1181 P-11519V-5.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11519V-5.0 Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: Scripting (Groovy)). Supported versions that are affected are 4.3.0.2.0-4.3.0.6.0 and 4.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Framework. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2016-6814 P-2245V-4.3.0.2.0-4.3.0.6.0 P-2245V-4.4.0.0.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2245V-4.3.0.2.0-4.3.0.6.0 P-2245V-4.4.0.0.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI (Apache Groovy)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Security patch has been released CVE-2016-6814 P-9617V-12.2.1.3.0 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9617V-12.2.1.3.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console (jQuery)). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2016-7103 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 Vulnerability in the Spatial component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Spatial. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Spatial. CVSS 3.0 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). Security patch has been released CVE-2016-9572 P-619V-12.2.0.1 P-619V-18c 3.5 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-619V-12.2.0.1 P-619V-18c Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Security (AntiSamy)). Supported versions that are affected are 5.2.0, 11.6.0, 11.7.0 and 11.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Core Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Core Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2017-14735 P-9101V-5.2.0 P-9101V-11.6.0 P-9101V-11.7.0 P-9101V-11.8.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9101V-5.2.0 P-9101V-11.6.0 P-9101V-11.7.0 P-9101V-11.8.0 Vulnerability in the Oracle Insurance Calculation Engine product of Oracle Insurance Applications (component: Core (AntiSamy)). Supported versions that are affected are 9.7, 10.0, 10.1 and 10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Calculation Engine. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Calculation Engine, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Calculation Engine accessible data as well as unauthorized read access to a subset of Oracle Insurance Calculation Engine accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2017-14735 P-10837V-9.7 P-10837V-10.0 P-10837V-10.1 P-10837V-10.2 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10837V-9.7 P-10837V-10.0 P-10837V-10.1 P-10837V-10.2 Vulnerability in the Oracle Communications EAGLE (Software) product of Oracle Communications (component: Security (OpenSSL)). Supported versions that are affected are 46.5, 46.6 and 46.7. Easily exploitable vulnerability allows low privileged attacker with network access via TLS to compromise Oracle Communications EAGLE (Software). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE (Software) accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2017-3736 P-10768V-46.5 P-10768V-46.6 P-10768V-46.7 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10768V-46.5 P-10768V-46.6 P-10768V-46.7 Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications (component: Security (Apache Log4j)). Supported versions that are affected are 6.0, 6.1 and 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Interactive Session Recorder. Successful attacks of this vulnerability can result in takeover of Oracle Communications Interactive Session Recorder. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-5645 P-10765V-6.0 P-10765V-6.1 P-10765V-6.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10765V-6.0 P-10765V-6.1 P-10765V-6.2 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Installation SEC (Apache Log4j)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-5645 P-4781V-9.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4781V-9.2 Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Installation & Templates (Apache Log4j)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in takeover of Oracle SOA Suite. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-5645 P-1162V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1162V-12.2.1.3.0 Vulnerability in the Oracle Utilities Advanced Spatial and Operational Analytics product of Oracle Utilities Applications (component: Install (Apache Log4j)). The supported version that is affected is 2.7.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Advanced Spatial and Operational Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Advanced Spatial and Operational Analytics. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2017-5645 P-8793V-2.7.0.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8793V-2.7.0.1 Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications (component: Security (Apache Tomcat)). Supported versions that are affected are 6.0, 6.1 and 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Interactive Session Recorder. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Interactive Session Recorder accessible data. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2017-5664 P-10765V-6.0 P-10765V-6.1 P-10765V-6.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10765V-6.0 P-10765V-6.1 P-10765V-6.2 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: Security (Kernel)). Supported versions that are affected are 8.0, 8.1, 8.2 and 8.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router (DSR) executes to compromise Oracle Communications Diameter Signaling Router (DSR). While the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2017-5715 P-10899V-8.0 P-10899V-8.1 P-10899V-8.2 P-10899V-8.3 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10899V-8.0 P-10899V-8.1 P-10899V-8.2 P-10899V-8.3 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: Signaling (OpenSSL)). Supported versions that are affected are 8.0, 8.1, 8.2 and 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-0732 P-10899V-8.0 P-10899V-8.1 P-10899V-8.2 P-10899V-8.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10899V-8.0 P-10899V-8.1 P-10899V-8.2 P-10899V-8.3 Vulnerability in the Oracle Endeca Server product of Oracle Fusion Middleware (component: Product Code (OpenSSL)). The supported version that is affected is 7.7.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Endeca Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Endeca Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2018-0734 P-10217V-7.7.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10217V-7.7.0 Vulnerability in the Oracle Communications Application Session Controller product of Oracle Communications (component: Security (cURL)). Supported versions that are affected are 3.7.1 and 3.8.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Application Session Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Application Session Controller. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-1000120 P-10769V-3.7.1 P-10769V-3.8.0 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10769V-3.7.1 P-10769V-3.8.0 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2018-1000180 P-2196V-12.2.1.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2196V-12.2.1.3.0 Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: Application Replay (Bouncy Castle Java Library)). Supported versions that are affected are 13.2 and 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2018-1000180 P-1369V-13.2 P-1369V-13.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1369V-13.2 P-1369V-13.3 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCPS / HTTPS to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. Note: Client Score for CVE-2018-11058 is 8.1 with Attack Complexity as High. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-11058 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: SSL API (RSA BSAFE)). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Security Service. Successful attacks of this vulnerability can result in takeover of Oracle Security Service. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-11058 P-991V-11.1.1.9.0 P-991V-12.1.3.0.0 P-991V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-991V-11.1.1.9.0 P-991V-12.1.3.0.0 P-991V-12.2.1.3.0 Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Reporting Framework (Apache ActiveMQ)). Supported versions that are affected are 12.1.0.5.0, 13.2.0.0.0 and 13.3.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). Security patch has been released CVE-2018-11775 P-1370V-12.1.0.5.0 P-1370V-13.2.0.0.0 P-1370V-13.3.0.0.0 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1370V-12.1.0.5.0 P-1370V-13.2.0.0.0 P-1370V-13.3.0.0.0 Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation Issues (Apache Tomcat)). Supported versions that are affected are 6.2.0 and 6.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Engineering Data Management accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Security patch has been released CVE-2018-11784 P-4436V-6.2.0 P-4436V-6.2.1 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4436V-6.2.0 P-4436V-6.2.1 Vulnerability in the MICROS Retail XBRi Loss Prevention product of Oracle Retail Applications (component: Retail (Apache Tomcat)). Supported versions that are affected are 10.8.0 - 10.8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail XBRi Loss Prevention. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail XBRi Loss Prevention accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Security patch has been released CVE-2018-11784 P-11506V-10.8.0 - 10.8.3 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11506V-10.8.0 - 10.8.3 Vulnerability in the Oracle Utilities Advanced Spatial and Operational Analytics product of Oracle Utilities Applications (component: Install (jackson-databind)). The supported version that is affected is 2.7.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Advanced Spatial and Operational Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Advanced Spatial and Operational Analytics. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-12023 P-8793V-2.7.0.1 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8793V-2.7.0.1 Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Fusion Client (Spring Framework)). Supported versions that are affected are 14.0.3.26, 14.1.3.37 and 15.0.3.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Retail Predictive Application Server. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-1258 P-1823V-14.0.3.26 P-1823V-14.1.3.37 P-1823V-15.0.3.100 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1823V-14.0.3.26 P-1823V-14.1.3.37 P-1823V-15.0.3.100 Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: Install (Spring Framework)). The supported version that is affected is 16.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Backbone. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-1258 P-10867V-16.0.1 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10867V-16.0.1 Vulnerability in the Oracle Communications Converged Application Server - Service Controller product of Oracle Communications (component: Security (Spring Framework)). Supported versions that are affected are 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Application Server - Service Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server - Service Controller. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-1275 P-10593V-6.0 P-10593V-6.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10593V-6.0 P-10593V-6.1 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Spring Framework)). Supported versions that are affected are 9.3.3, 9.3.4, 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-4461V-9.3.3 P-4461V-9.3.4 P-4461V-9.3.5 P-4461V-9.3.6 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4461V-9.3.3 P-4461V-9.3.4 P-4461V-9.3.5 P-4461V-9.3.6 Vulnerability in the Oracle Endeca Information Discovery Integrator product of Oracle Fusion Middleware (component: Other Issues (Spring Framework)). The supported version that is affected is 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Endeca Information Discovery Integrator. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-10561V-3.2.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10561V-3.2.0 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Core (Spring Framework)). Supported versions that are affected are 12.0.1, 12.0.3 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-9110V-12.0.1 P-9110V-12.0.3 P-9110V-12.1.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9110V-12.0.1 P-9110V-12.0.3 P-9110V-12.1.0 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Spring Framework)). Supported versions that are affected are 8.0.2-8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-5680V-8.0.2-8.0.8 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5680V-8.0.2-8.0.8 Vulnerability in the Oracle Insurance Calculation Engine product of Oracle Insurance Applications (component: Core (Spring Framework)). Supported versions that are affected are 9.7, 10.0, 10.1 and 10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Calculation Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Insurance Calculation Engine. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-10837V-9.7 P-10837V-10.0 P-10837V-10.1 P-10837V-10.2 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10837V-9.7 P-10837V-10.0 P-10837V-10.1 P-10837V-10.2 Vulnerability in the Oracle Insurance Policy Administration J2EE product of Oracle Insurance Applications (component: Core (Spring Framework)). Supported versions that are affected are 10.0, 10.1, 10.2 and 11.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Insurance Policy Administration J2EE. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-5279V-10.0 P-5279V-10.1 P-5279V-10.2 P-5279V-11.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5279V-10.0 P-5279V-10.1 P-5279V-10.2 P-5279V-11.0 Vulnerability in the Oracle Insurance Rules Palette product of Oracle Insurance Applications (component: Core (Spring Framework)). Supported versions that are affected are 10.0, 10.1, 10.2 and 11.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Rules Palette. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Insurance Rules Palette. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-5288V-10.0 P-5288V-10.1 P-5288V-10.2 P-5288V-11.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5288V-10.0 P-5288V-10.1 P-5288V-10.2 P-5288V-11.0 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Framework)). Supported versions that are affected are 4.0.9 and prior and 8.0.14 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-8480V-4.0.9 and prior P-8480V-8.0.14 and prior 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8480V-4.0.9 and prior P-8480V-8.0.14 and prior Vulnerability in the Primavera Analytics product of Oracle Construction and Engineering (component: Admin (Spring Framework)). The supported version that is affected is 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Analytics. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Analytics. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-8577V-18.8 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8577V-18.8 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Spring Framework)). Supported versions that are affected are 15.2, 16.2, 17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-10605V-15.2 P-10605V-16.2 P-10605V-17.12 P-10605V-18.8 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10605V-15.2 P-10605V-16.2 P-10605V-17.12 P-10605V-18.8 Vulnerability in the Oracle Retail Advanced Inventory Planning product of Oracle Retail Applications (component: Operations & Maintenance (Spring Framework)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Advanced Inventory Planning. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Advanced Inventory Planning. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-1785V-15.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1785V-15.0 Vulnerability in the Oracle Retail Financial Integration product of Oracle Retail Applications (component: PeopleSoft Integration Bugs (Spring Framework)). Supported versions that are affected are 14.0, 14.1, 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Financial Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Financial Integration. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-10722V-14.0 P-10722V-14.1 P-10722V-15.0 P-10722V-16.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10722V-14.0 P-10722V-14.1 P-10722V-15.0 P-10722V-16.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI (Spring Framework)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-9617V-12.2.1.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9617V-12.2.1.3.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps (Spring Framework)). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-15756 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Core (Apache Tika)). Supported versions that are affected are 12.0.1, 12.0.3 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-17197 P-9110V-12.0.1 P-9110V-12.0.3 P-9110V-12.1.0 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9110V-12.0.1 P-9110V-12.0.3 P-9110V-12.1.0 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core (Apache Tika)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Security patch has been released CVE-2018-17197 P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor (CKEditor)). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2018-17960 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Infrastructure (jackson-databind)). Supported versions that are affected are 2.4.0-2.7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in takeover of Oracle Banking Platform. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-9178V-2.4.0-2.7.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9178V-2.4.0-2.7.1 Vulnerability in the Enterprise Manager for Virtualization product of Oracle Enterprise Manager (component: Plug-In Lifecycle (jackson-databind)). Supported versions that are affected are 13.1, 13.2 and 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Virtualization. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Virtualization. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-9586V-13.1 P-9586V-13.2 P-9586V-13.3 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9586V-13.1 P-9586V-13.2 P-9586V-13.3 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Jackson-databind)). Supported versions that are affected are 8.0.2-8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-5680V-8.0.2-8.0.8 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5680V-8.0.2-8.0.8 Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: Core (jackson-databind)). Supported versions that are affected are 8.0.6-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Funds Transfer Pricing. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-5659V-8.0.6-8.0.7 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5659V-8.0.6-8.0.7 Vulnerability in the Oracle Financial Services Institutional Performance Analytics product of Oracle Financial Services Applications (component: Core (jackson-databind)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Institutional Performance Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Institutional Performance Analytics. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-10215V-8.0.4-8.0.7 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10215V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: Core (jackson-databind)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Price Creation and Discovery. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-5749V-8.0.4-8.0.7 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5749V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: Core (jackson-databind)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Profitability Management. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-5658V-8.0.4-8.0.7 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5658V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Retail Customer Analytics product of Oracle Financial Services Applications (component: Core (jackson-databind)). Supported versions that are affected are 8.0.4-8.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Retail Customer Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Retail Customer Analytics. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-10214V-8.0.4-8.0.6 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10214V-8.0.4-8.0.6 Vulnerability in the Oracle Insurance Allocation Manager for Enterprise Profitability product of Oracle Financial Services Applications (component: Core (jackson-databind)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Allocation Manager for Enterprise Profitability. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Allocation Manager for Enterprise Profitability. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-13946V-8.0.8 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13946V-8.0.8 Vulnerability in the Oracle Insurance Performance Insight product of Oracle Financial Services Applications (component: Core (jackson-databind)). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Performance Insight. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Performance Insight. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-11257V-8.0.7 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11257V-8.0.7 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics (jackson-databind)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-4781V-9.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4781V-9.2 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime (jackson-databind)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-4781V-9.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4781V-9.2 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (jackson-databind)). Supported versions that are affected are 15.2, 16.2, 17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-10605V-15.2 P-10605V-16.2 P-10605V-17.12 P-10605V-18.8 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10605V-15.2 P-10605V-16.2 P-10605V-17.12 P-10605V-18.8 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (jackson-databind)). Supported versions that are affected are 16.0, 17.0 and 18.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-13388V-16.0 P-13388V-17.0 P-13388V-18.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13388V-16.0 P-13388V-17.0 P-13388V-18.0 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (jackson-databind)). Supported versions that are affected are 7.0, 7.1, 15.0, 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-19362 P-11513V-7.0 P-11513V-7.1 P-11513V-15.0 P-11513V-16.0 P-11513V-17.0 P-11513V-18.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11513V-7.0 P-11513V-7.1 P-11513V-15.0 P-11513V-16.0 P-11513V-17.0 P-11513V-18.0 Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Internal Operations). Supported versions that are affected are 7.0 and 7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Office accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Office accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Office. CVSS 3.0 Base Score 5.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L). Security patch has been released CVE-2018-2883 P-11560V-7.0 P-11560V-7.1 5.5 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11560V-7.0 P-11560V-7.1 Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Office accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Office. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L). Security patch has been released CVE-2018-3111 P-11560V-7.1 7.6 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11560V-7.1 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Customer). Supported versions that are affected are 16.0 and 17.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. While the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N). Security patch has been released CVE-2018-3315 P-13388V-16.0 P-13388V-17.0 8.2 AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13388V-16.0 P-13388V-17.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). Security patch has been released CVE-2018-3316 P-13388V-16.0 P-13388V-17.0 7.6 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13388V-16.0 P-13388V-17.0 Vulnerability in the Oracle Global Lifecycle Management OPatchAuto product of Oracle Global Lifecycle Management (component: OPatch Auto Binary (jackson-databind)). The supported version that is affected is Prior to 12.2.0.1.14. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management OPatchAuto executes to compromise Oracle Global Lifecycle Management OPatchAuto. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Global Lifecycle Management OPatchAuto, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management OPatchAuto. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H). Security patch has been released CVE-2018-7489 P-12752V-Prior to 12.2.0.1.14 7.2 AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-12752V-Prior to 12.2.0.1.14 Vulnerability in the Oracle Communications Application Session Controller product of Oracle Communications (component: Security (Apache Batik)). Supported versions that are affected are 3.7.1 and 3.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Application Session Controller. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Application Session Controller accessible data as well as unauthorized read access to a subset of Oracle Communications Application Session Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Application Session Controller. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2018-8013 P-10769V-3.7.1 P-10769V-3.8.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10769V-3.7.1 P-10769V-3.8.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Third Party Tools (Apache Batik)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2018-8013 P-9617V-12.2.1.3.0 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9617V-12.2.1.3.0 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: Security (Apache cxf)). Supported versions that are affected are 8.0, 8.1 and 8.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-8039 P-10899V-8.0 P-10899V-8.1 P-10899V-8.2 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10899V-8.0 P-10899V-8.1 P-10899V-8.2 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework (Apache CXF)). Supported versions that are affected are 12.1.0.5.0, 13.2.0.0.0 and 13.3.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-8039 P-1370V-12.1.0.5.0 P-1370V-13.2.0.0.0 P-1370V-13.3.0.0.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1370V-12.1.0.5.0 P-1370V-13.2.0.0.0 P-1370V-13.3.0.0.0 Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Core (cxf)). Supported versions that are affected are 12.0.1, 12.0.3 and 12.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-8039 P-9110V-12.0.1 P-9110V-12.0.3 P-9110V-12.1.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9110V-12.0.1 P-9110V-12.0.3 P-9110V-12.1.0 Vulnerability in the Oracle Retail Order Broker product of Oracle Retail Applications (component: Order Broker Foundation (Apache CXF)). Supported versions that are affected are 5.2 and 15.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Order Broker. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2018-8039 P-11520V-5.2 P-11520V-15.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11520V-5.2 P-11520V-15.0 Vulnerability in the Instantis EnterpriseTrack product of Oracle Construction and Engineering (component: Core (Apache HTTP Server)). Supported versions that are affected are 17.1, 17.2 and 17.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Instantis EnterpriseTrack. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Instantis EnterpriseTrack. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-0190 P-10563V-17.1 P-10563V-17.2 P-10563V-17.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10563V-17.1 P-10563V-17.2 P-10563V-17.3 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xstore Office (Apache HTTP Server)). Supported versions that are affected are 7.0 and 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-0190 P-11513V-7.0 P-11513V-7.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11513V-7.0 P-11513V-7.1 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core (solr)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-0192 P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10354V-16.1 P-10354V-16.2 P-10354V-17.7-17.12 P-10354V-18.8 Vulnerability in the Instantis EnterpriseTrack product of Oracle Construction and Engineering (component: Core (Tomcat)). Supported versions that are affected are 17.1, 17.2 and 17.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Instantis EnterpriseTrack. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Instantis EnterpriseTrack. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-0199 P-10563V-17.1 P-10563V-17.2 P-10563V-17.3 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10563V-17.1 P-10563V-17.2 P-10563V-17.3 Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Compliance Test Suite (Apache HTTP Server)). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Enterprise Manager Ops Center executes to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-0211 P-9835V-12.3.3 P-9835V-12.4.0 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9835V-12.3.3 P-9835V-12.4.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener (Apache httpd)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-0211 P-1042V-12.2.1.3.0 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1042V-12.2.1.3.0 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache HTTP Server)). Supported versions that are affected are 7.0 and 7.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Xstore Point of Service executes to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-0211 P-11513V-7.0 P-11513V-7.1 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11513V-7.0 P-11513V-7.1 Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Valid Session (Apache ActiveMQ)). Supported versions that are affected are 12.1.0.5.0, 13.2.0.0.0 and 13.3.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-0222 P-1370V-12.1.0.5.0 P-1370V-13.2.0.0.0 P-1370V-13.3.0.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1370V-12.1.0.5.0 P-1370V-13.2.0.0.0 P-1370V-13.3.0.0.0 Vulnerability in the Oracle Enterprise Repository product of Oracle Fusion Middleware (component: Security Subsystem - 12c (Apache ActiveMQ)). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Repository. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-0222 P-5326V-12.1.3.0.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5326V-12.1.3.0.0 Vulnerability in the Oracle Retail Order Broker product of Oracle Retail Applications (component: Upgrade Install (Apache Tomcat)). Supported versions that are affected are 5.2 and 15.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Order Broker. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-0232 P-11520V-5.2 P-11520V-15.0 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11520V-5.2 P-11520V-15.0 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Install (Apache Tomcat)). The supported version that is affected is 6.3.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in takeover of Oracle Transportation Management. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-0232 P-1991V-6.3.7 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1991V-6.3.7 Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 2.4.0-2.7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Platform accessible data as well as unauthorized read access to a subset of Oracle Banking Platform accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-9178V-2.4.0-2.7.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9178V-2.4.0-2.7.1 Vulnerability in the Oracle Financial Services - Regulatory Reporting for Reserve Bank of India - Lombard Risk Integration Pack product of Oracle Financial Services Applications (component: UI (jQuery)). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services - Regulatory Reporting for Reserve Bank of India - Lombard Risk Integration Pack. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services - Regulatory Reporting for Reserve Bank of India - Lombard Risk Integration Pack, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services - Regulatory Reporting for Reserve Bank of India - Lombard Risk Integration Pack accessible data as well as unauthorized read access to a subset of Oracle Financial Services - Regulatory Reporting for Reserve Bank of India - Lombard Risk Integration Pack accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-12586V-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-12586V-8.0.7 Vulnerability in the Oracle Financial Services - Regulatory Reporting for US Federal Reserve - Lombard Risk Integration Pack product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services - Regulatory Reporting for US Federal Reserve - Lombard Risk Integration Pack. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services - Regulatory Reporting for US Federal Reserve - Lombard Risk Integration Pack, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services - Regulatory Reporting for US Federal Reserve - Lombard Risk Integration Pack accessible data as well as unauthorized read access to a subset of Oracle Financial Services - Regulatory Reporting for US Federal Reserve - Lombard Risk Integration Pack accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-12587V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-12587V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (jQuery)). Supported versions that are affected are 7.3.3-7.3.5 and 8.0.2-8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-5680V-7.3.3-7.3.5 P-5680V-8.0.2-8.0.8 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5680V-7.3.3-7.3.5 P-5680V-8.0.2-8.0.8 Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Reconciliation Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Reconciliation Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-5748V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5748V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Asset Liability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Asset Liability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Asset Liability Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-5662V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5662V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Basic. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Basic, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Basic accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capital Basic accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-9612V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9612V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-9450V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9450V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Data Foundation product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Foundation accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Foundation accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-9180V-8.0.4-8.0.8 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9180V-8.0.4-8.0.8 Vulnerability in the Oracle Financial Services Data Integration Hub product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.5-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Integration Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Integration Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Integration Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Integration Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-11289V-8.0.5-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11289V-8.0.5-8.0.7 Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Funds Transfer Pricing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Funds Transfer Pricing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Funds Transfer Pricing accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-5659V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5659V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Hedge Management and IFRS Valuations. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Hedge Management and IFRS Valuations, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Hedge Management and IFRS Valuations accessible data as well as unauthorized read access to a subset of Oracle Financial Services Hedge Management and IFRS Valuations accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-9332V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9332V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Institutional Performance Analytics product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Institutional Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Institutional Performance Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Institutional Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Institutional Performance Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-10215V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10215V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.1, 8.0.2, 8.0.4, 8.0.5 and 8.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-9096V-8.0.1 P-9096V-8.0.2 P-9096V-8.0.4 P-9096V-8.0.5 P-9096V-8.0.6 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9096V-8.0.1 P-9096V-8.0.2 P-9096V-8.0.4 P-9096V-8.0.5 P-9096V-8.0.6 Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.7 and 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Measurement and Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Measurement and Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Measurement and Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-13797V-8.0.7 P-13797V-8.0.8 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13797V-8.0.7 P-13797V-8.0.8 Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.2-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Loan Loss Forecasting and Provisioning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-9474V-8.0.2-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9474V-8.0.2-8.0.7 Vulnerability in the Oracle Financial Services Market Risk Measurement and Management product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.5, 8.0.6 and 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Market Risk Measurement and Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Market Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-13111V-8.0.5 P-13111V-8.0.6 P-13111V-8.0.8 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13111V-8.0.5 P-13111V-8.0.6 P-13111V-8.0.8 Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-5749V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5749V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-5658V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5658V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Regulatory Reporting for European Banking Authority product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting for European Banking Authority. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Regulatory Reporting for European Banking Authority, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Regulatory Reporting for European Banking Authority accessible data as well as unauthorized read access to a subset of Oracle Financial Services Regulatory Reporting for European Banking Authority accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-13147V-8.0.6 P-13147V-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13147V-8.0.6 P-13147V-8.0.7 Vulnerability in the Oracle Financial Services Regulatory Reporting for European Banking Authority - Integration Pack for Lombard Risk product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting for European Banking Authority - Integration Pack for Lombard Risk. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Regulatory Reporting for European Banking Authority - Integration Pack for Lombard Risk, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Regulatory Reporting for European Banking Authority - Integration Pack for Lombard Risk accessible data as well as unauthorized read access to a subset of Oracle Financial Services Regulatory Reporting for European Banking Authority - Integration Pack for Lombard Risk accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-13148V-8.0.6 P-13148V-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13148V-8.0.6 P-13148V-8.0.7 Vulnerability in the Oracle Financial Services Regulatory Reporting for US Federal Reserve product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting for US Federal Reserve. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Regulatory Reporting for US Federal Reserve, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Regulatory Reporting for US Federal Reserve accessible data as well as unauthorized read access to a subset of Oracle Financial Services Regulatory Reporting for US Federal Reserve accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-13080V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13080V-8.0.4-8.0.7 Vulnerability in the Oracle Financial Services Retail Customer Analytics product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Retail Customer Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Retail Customer Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Retail Customer Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Retail Customer Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-10214V-8.0.4-8.0.6 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10214V-8.0.4-8.0.6 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Core (jQuery)). Supported versions that are affected are 2.4.0.0 and 2.4.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-5322V-2.4.0.0 P-5322V-2.4.0.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5322V-2.4.0.0 P-5322V-2.4.0.1 Vulnerability in the Oracle Hospitality Guest Access product of Oracle Hospitality Applications (component: Base (jQuery)). Supported versions that are affected are 4.2 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Guest Access, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-12617V-4.2 P-12617V-4.2.1 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-12617V-4.2 P-12617V-4.2.1 Vulnerability in the Oracle Insurance IFRS 17 Analyzer product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance IFRS 17 Analyzer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance IFRS 17 Analyzer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance IFRS 17 Analyzer accessible data as well as unauthorized read access to a subset of Oracle Insurance IFRS 17 Analyzer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-13809V-8.0.6 P-13809V-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13809V-8.0.6 P-13809V-8.0.7 Vulnerability in the Oracle Insurance Allocation Manager for Enterprise Profitability product of Oracle Financial Services Applications (component: UI (jQuery)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Allocation Manager for Enterprise Profitability. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Allocation Manager for Enterprise Profitability, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Allocation Manager for Enterprise Profitability accessible data as well as unauthorized read access to a subset of Oracle Insurance Allocation Manager for Enterprise Profitability accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-13946V-8.0.8 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13946V-8.0.8 Vulnerability in the Oracle Insurance Data Foundation product of Oracle Financial Services Applications (component: UI (jQuery)). Supported versions that are affected are 8.0.4-8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Data Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Data Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Data Foundation accessible data as well as unauthorized read access to a subset of Oracle Insurance Data Foundation accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-9755V-8.0.4-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9755V-8.0.4-8.0.7 Vulnerability in the Oracle Insurance Performance Insight product of Oracle Financial Services Applications (component: UI (jQuery)). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Performance Insight. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Performance Insight, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Performance Insight accessible data as well as unauthorized read access to a subset of Oracle Insurance Performance Insight accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-11257V-8.0.7 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11257V-8.0.7 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Mobile Application Platform (jQuery)). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-11358 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core (OpenSSL)). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2019-1543 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle Endeca Server product of Oracle Fusion Middleware (component: Product Code (OpenSSL)). The supported version that is affected is 7.7.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Endeca Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Endeca Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-1559 P-10217V-7.7.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10217V-7.7.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (OpenSSL)). Supported versions that are affected are 12.1.0.5.0, 13.2.0.0.0 and 13.3.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-1559 P-1370V-12.1.0.5.0 P-1370V-13.2.0.0.0 P-1370V-13.3.0.0.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1370V-12.1.0.5.0 P-1370V-13.2.0.0.0 P-1370V-13.3.0.0.0 Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (OpenSSL)). Supported versions that are affected are 12.3.3 and 12.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-1559 P-9835V-12.3.3 P-9835V-12.4.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9835V-12.3.3 P-9835V-12.4.0 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). The supported version that is affected is 9.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-1559 P-4781V-9.2 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4781V-9.2 Vulnerability in the JD Edwards World Security product of Oracle JD Edwards (component: Security Vulnerability (OpenSSL)). Supported versions that are affected are A9.3, A9.3.1 and A9.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise JD Edwards World Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards World Security accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-1559 P-4839V-A9.3 P-4839V-A9.3.1 P-4839V-A9.4 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4839V-A9.3 P-4839V-A9.3.1 P-4839V-A9.4 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Workbench accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-1559 P-4627V-8.0.16 and prior 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4627V-8.0.16 and prior Vulnerability in the Services Tools Bundle product of Oracle Support Tools (component: Utilities (OpenSSL)). The supported version that is affected is 19.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Services Tools Bundle. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Services Tools Bundle accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-1559 P-1330V-19.2 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1330V-19.2 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-1559 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Application Express component of Oracle Database Server. Supported versions that are affected are 5.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Valid Account privilege with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2484 P-1348V-5.1 P-1348V-18.2 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1348V-5.1 P-1348V-18.2 Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Internal Operations). Supported versions that are affected are 7.0 and 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Office accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Security patch has been released CVE-2019-2561 P-11560V-7.0 P-11560V-7.1 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11560V-7.0 P-11560V-7.1 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Core RDBMS accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2569 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 4.0 AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Pagelet Wizard). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2599 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2019-2666 P-1379V-12.1.1 - 12.1.3 P-1379V-12.2.3 - 12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1379V-12.1.1 - 12.1.3 P-1379V-12.2.3 - 12.2.8 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2019-2668 P-1379V-12.1.1 - 12.1.3 P-1379V-12.2.3 - 12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1379V-12.1.1 - 12.1.3 P-1379V-12.2.3 - 12.2.8 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2019-2672 P-1379V-12.1.1 - 12.1.3 P-1379V-12.2.3 - 12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1379V-12.1.1 - 12.1.3 P-1379V-12.2.3 - 12.2.8 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Application Server (Oracle WebLogic Server)). Supported versions that are affected are 9.3.3, 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2725 P-4461V-9.3.3 P-4461V-9.3.4 P-4461V-9.3.5 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4461V-9.3.3 P-4461V-9.3.4 P-4461V-9.3.5 Vulnerability in the StorageTek Tape Analytics SW Tool product of Oracle Systems (component: Application Server (WebLogic)). The supported version that is affected is 2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise StorageTek Tape Analytics SW Tool. Successful attacks of this vulnerability can result in takeover of StorageTek Tape Analytics SW Tool. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2725 P-10085V-2.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10085V-2.3.0 Vulnerability in the Tape Virtual Storage Manager GUI product of Oracle Systems (component: Application Server (WebLogic)). The supported version that is affected is 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Tape Virtual Storage Manager GUI. Successful attacks of this vulnerability can result in takeover of Tape Virtual Storage Manager GUI. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2725 P-10118V-6.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10118V-6.2 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps). The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-2727 P-4622V-13.3 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4622V-13.3 Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2019-2728 P-9835V-12.3.3 P-9835V-12.4.0 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9835V-12.3.3 P-9835V-12.4.0 Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Security (Oracle WebLogic Server)). Supported versions that are affected are 5.1, 7.0 and 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2729 P-5382V-5.1 P-5382V-7.0 P-5382V-7.1 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5382V-5.1 P-5382V-7.0 P-5382V-7.1 Vulnerability in the StorageTek Tape Analytics SW Tool product of Oracle Systems (component: Application Server (WebLogic)). The supported version that is affected is 2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise StorageTek Tape Analytics SW Tool. Successful attacks of this vulnerability can result in takeover of StorageTek Tape Analytics SW Tool. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2729 P-10085V-2.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10085V-2.3.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior and 5.7.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2019-2730 P-8478V-5.6.44 and prior P-8478V-5.7.18 and prior 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.6.44 and prior P-8478V-5.7.18 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Security patch has been released CVE-2019-2731 P-8478V-5.7.23 and prior 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.7.23 and prior Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Product Security). The supported version that is affected is 7.3.1.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2019-2732 P-2100V-7.3.1.5.2 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2100V-7.3.1.5.2 Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Product Security). The supported version that is affected is 7.3.1.5.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2019-2733 P-2100V-7.3.1.5.2 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2100V-7.3.1.5.2 Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion Workspace accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N). Security patch has been released CVE-2019-2735 P-4361V-11.1.2.4 2.4 AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4361V-11.1.2.4 Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2736 P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2737 P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Compiling). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2019-2738 P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2019-2739 P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 5.1 AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2740 P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Log). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2741 P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Service API). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2742 P-1479V-11.1.1.9.0 7.2 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1479V-11.1.1.9.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2743 P-8478V-8.0.12 and prior 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.12 and prior Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2744 P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 Vulnerability in the Java SE product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2745 P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2746 P-8478V-8.0.12 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.12 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2747 P-8478V-8.0.12 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.12 and prior Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N). Security patch has been released CVE-2019-2748 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 7.1 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java VM. CVSS 3.0 Base Score 6.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H). Security patch has been released CVE-2019-2749 P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c 6.8 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5V-11.2.0.4 P-5V-12.1.0.2 P-5V-12.2.0.1 P-5V-18c P-5V-19c Vulnerability in the MICROS Retail-J product of Oracle Retail Applications (component: Internal Operations). Supported versions that are affected are 12.1.0, 12.1.1, 12.1.2 and 13.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data as well as unauthorized update, insert or delete access to some of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). Security patch has been released CVE-2019-2750 P-11567V-12.1.0 P-11567V-12.1.1 P-11567V-12.1.2 P-11567V-13.1 8.6 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11567V-12.1.0 P-11567V-12.1.1 P-11567V-12.1.2 P-11567V-13.1 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2751 P-1042V-12.1.3.0.0 P-1042V-12.2.1.3.0 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1042V-12.1.3.0.0 P-1042V-12.2.1.3.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2752 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Oracle Text. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Text accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Text. CVSS 3.0 Base Score 4.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L). Security patch has been released CVE-2019-2753 P-211V-11.2.0.4 P-211V-12.1.0.2 P-211V-12.2.0.1 P-211V-18c 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-211V-11.2.0.4 P-211V-12.1.0.2 P-211V-12.2.0.1 P-211V-18c Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2019-2754 P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2755 P-8478V-5.7.25 and prior P-8478V-8.0.15 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.7.25 and prior P-8478V-8.0.15 and prior Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-2756 P-2276V-8.5.4 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2276V-8.5.4 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2757 P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2019-2758 P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-2759 P-2276V-8.5.4 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2276V-8.5.4 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2760 P-2051V-12.1.6.1.23 P-2051V-12.1.6.1.26 P-2051V-12.1.6.1.29 P-2051V-12.1.6.1.36 P-2051V-12.1.6.2.23 P-2051V-12.1.6.2.32 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2051V-12.1.6.1.23 P-2051V-12.1.6.1.26 P-2051V-12.1.6.1.29 P-2051V-12.1.6.1.36 P-2051V-12.1.6.2.23 P-2051V-12.1.6.2.32 Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2019-2761 P-510V-12.1.3 P-510V-12.2.3 - 12.2.8 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-510V-12.1.3 P-510V-12.2.3 - 12.2.8 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2762 P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 Vulnerability in the Oracle Hospitality Gift and Loyalty product of Oracle Food and Beverage Applications (component: iCard). Supported versions that are affected are 9.0.0 and 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Gift and Loyalty. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Gift and Loyalty accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Gift and Loyalty accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Security patch has been released CVE-2019-2763 P-11600V-9.0.0 P-11600V-9.1.0 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11600V-9.0.0 P-11600V-9.1.0 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-2764 P-2276V-8.5.4 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2276V-8.5.4 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Security patch has been released CVE-2019-2766 P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2767 P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 7.2 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1479V-11.1.1.9.0 P-1479V-12.2.1.3.0 P-1479V-12.2.1.4.0 Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2768 P-1479V-11.1.1.9.0 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1479V-11.1.1.9.0 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2769 P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 Vulnerability in the Oracle Hyperion Planning product of Oracle Hyperion (component: Smart View). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2770 P-4402V-11.1.2.4 4.5 AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4402V-11.1.2.4 Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of BI Publisher (formerly XML Publisher). CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L). Security patch has been released CVE-2019-2771 P-1479V-11.1.1.9.0 8.2 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1479V-11.1.1.9.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2772 P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5085V-8.55 P-5085V-8.56 P-5085V-8.57 Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. While the vulnerability is in Oracle Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Payments accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). Security patch has been released CVE-2019-2773 P-378V-12.1.1 - 12.1.3 P-378V-12.2.3 - 12.2.8 5.8 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-378V-12.1.1 - 12.1.3 P-378V-12.2.3 - 12.2.8 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2774 P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Payments accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Payments. CVSS 3.0 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). Security patch has been released CVE-2019-2775 P-378V-12.1.1 - 12.1.3 P-378V-12.2.3 - 12.2.8 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-378V-12.1.1 - 12.1.3 P-378V-12.2.3 - 12.2.8 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Index privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Core RDBMS accessible data as well as unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N). Security patch has been released CVE-2019-2776 P-211V-12.1.0.2 P-211V-12.2.0.1 P-211V-18c P-211V-19c 7.6 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-211V-12.1.0.2 P-211V-12.2.0.1 P-211V-18c P-211V-19c Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Search). Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel Core - Server Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Core - Server Framework accessible data as well as unauthorized read access to a subset of Siebel Core - Server Framework accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2777 P-9001V-19.0 and prior 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9001V-19.0 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Security patch has been released CVE-2019-2778 P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the Siebel Core - Common Components product of Oracle Siebel CRM (component: Email). Supported versions that are affected are 19.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Siebel Core - Common Components. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Common Components accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2779 P-9747V-19.0 and prior 4.2 AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9747V-19.0 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components / Services). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2780 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: XML Interface). Supported versions that are affected are 8.9.6, 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows low privileged attacker with network access via TCP/IP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2781 P-12619V-8.9.6 P-12619V-8.10.2 P-12619V-8.11-8.14 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-12619V-8.9.6 P-12619V-8.10.2 P-12619V-8.11-8.14 Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. While the vulnerability is in Oracle Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payments accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2019-2782 P-378V-12.1.1 - 12.1.3 P-378V-12.2.3 - 12.2.8 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-378V-12.1.1 - 12.1.3 P-378V-12.2.3 - 12.2.8 Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. While the vulnerability is in Oracle Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Payments accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). Security patch has been released CVE-2019-2783 P-378V-12.1.1 - 12.1.3 P-378V-12.2.3 - 12.2.8 5.8 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-378V-12.1.1 - 12.1.3 P-378V-12.2.3 - 12.2.8 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2784 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2785 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). Security patch has been released CVE-2019-2786 P-856V-Java SE: 8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 3.4 AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-856V-Java SE: 8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Automount). Supported versions that are affected are 11.4 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). Security patch has been released CVE-2019-2787 P-10006V-11.4 P-10006V-10 4.2 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10006V-11.4 P-10006V-10 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Open Fabrics Tools). The supported version that is affected is 11.4. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 6.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H). Security patch has been released CVE-2019-2788 P-10006V-11.4 6.3 AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10006V-11.4 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2019-2789 P-8478V-8.0.16 and prior 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2019-2790 P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2019-2791 P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 3.8 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-2792 P-2276V-8.5.4 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2276V-8.5.4 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2793 P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 3.5 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2019-2794 P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2795 P-8478V-8.0.16 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2796 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2797 P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 4.2 AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2798 P-8478V-8.0.15 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.15 and prior Vulnerability in the Oracle ODBC Driver component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver. Note: The vulnerability affects Windows platforms only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2799 P-579V-11.2.0.4 P-579V-12.1.0.2 P-579V-12.2.0.1 P-579V-18c 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-579V-11.2.0.4 P-579V-12.1.0.2 P-579V-12.2.0.1 P-579V-18c Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2019-2800 P-8478V-8.0.16 and prior 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2801 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2802 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2803 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2804 P-10006V-11.4 P-10006V-10 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10006V-11.4 P-10006V-10 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2805 P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). Security patch has been released CVE-2019-2807 P-10006V-11.4 3.9 AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10006V-11.4 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2808 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Password Reset). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iRecruitment. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2809 P-1193V-12.1.1 - 12.1.3 P-1193V-12.2.3 - 12.2.8 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1193V-12.1.1 - 12.1.3 P-1193V-12.2.3 - 12.2.8 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2810 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2811 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2812 P-8478V-8.0.16 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM). The supported version that is affected is 19.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Security patch has been released CVE-2019-2813 P-13497V-19.0.0 7.7 AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13497V-19.0.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2019-2814 P-8478V-8.0.16 and prior 2.2 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2815 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2019-2816 P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Folders, Files & Attachments). Supported versions that are affected are 9.3.3, 9.3.4, 9.3.5 and 9.3.6. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L). Security patch has been released CVE-2019-2817 P-4461V-9.3.3 P-4461V-9.3.4 P-4461V-9.3.5 P-4461V-9.3.6 5.4 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4461V-9.3.3 P-4461V-9.3.4 P-4461V-9.3.5 P-4461V-9.3.6 Vulnerability in the Java SE product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Security patch has been released CVE-2019-2818 P-856V-Java SE: 11.0.3 P-856V-12.0.1 3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-856V-Java SE: 11.0.3 P-856V-12.0.1 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Security patch has been released CVE-2019-2819 P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.6.44 and prior P-8478V-5.7.26 and prior P-8478V-8.0.16 and prior Vulnerability in the Oracle Solaris product of Oracle Systems (component: Gnuplot). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2820 P-10006V-11.4 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10006V-11.4 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2821 P-856V-Java SE: 11.0.3 P-856V-12.0.1 5.3 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-856V-Java SE: 11.0.3 P-856V-12.0.1 Vulnerability in the MySQL Server product of Oracle MySQL (component: Shell: Admin / InnoDB Cluster). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2822 P-8478V-8.0.16 and prior 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.5-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2019-2823 P-5680V-8.0.5-8.0.8 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5680V-8.0.5-8.0.8 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N). Security patch has been released CVE-2019-2824 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2019-2825 P-99V-12.1.3 P-99V-12.2.3 - 12.2.8 6.5 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-99V-12.1.3 P-99V-12.2.3 - 12.2.8 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2826 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N). Security patch has been released CVE-2019-2827 P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5242V-10.3.6.0.0 P-5242V-12.1.3.0.0 P-5242V-12.2.1.3.0 Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Field Service. CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Security patch has been released CVE-2019-2828 P-747V-12.1.1 - 12.1.3 P-747V-12.2.3 - 12.2.8 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-747V-12.1.1 - 12.1.3 P-747V-12.2.3 - 12.2.8 Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Service Requests). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2019-2829 P-381V-12.1.1 - 12.1.3 P-381V-12.2.3 - 12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-381V-12.1.1 - 12.1.3 P-381V-12.2.3 - 12.2.8 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2830 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (component: Projects). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Project Costing. While the vulnerability is in PeopleSoft Enterprise FIN Project Costing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Project Costing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise FIN Project Costing. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L). Security patch has been released CVE-2019-2831 P-5013V-9.2 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5013V-9.2 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2019-2832 P-10006V-10 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10006V-10 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Import/Export). The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2019-2833 P-11594V-18.2.1 7.7 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11594V-18.2.1 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2834 P-8478V-8.0.16 and prior 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-2835 P-2276V-8.5.4 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2276V-8.5.4 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Engagement). The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2836 P-11594V-18.2.1 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-11594V-18.2.1 Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). Security patch has been released CVE-2019-2837 P-1199V-12.1.3 P-1199V-12.2.3 - 12.2.8 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1199V-12.1.3 P-1199V-12.2.3 - 12.2.8 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2019-2838 P-10006V-11.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10006V-11.4 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2839 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2840 P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 5.7 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9052V-12.0.1-12.0.3 P-9052V-12.1.0-12.4.0 P-9052V-14.0.0-14.2.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Security patch has been released CVE-2019-2841 P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 Vulnerability in the Java SE product of Oracle Java SE (component: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2842 P-856V-Java SE: 8u212 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-856V-Java SE: 8u212 Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Security patch has been released CVE-2019-2843 P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Client Tools). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2019-2844 P-10006V-11.4 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10006V-11.4 Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2845 P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 3.5 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Security patch has been released CVE-2019-2846 P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). Security patch has been released CVE-2019-2847 P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 5.7 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9099V-12.0.1 P-9099V-12.0.3 P-9099V-12.0.4 P-9099V-12.1.0 P-9099V-12.3.0 P-9099V-12.4.0 P-9099V-14.0.0 P-9099V-14.1.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Security patch has been released CVE-2019-2848 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. Note: The vulnerability affects Windows platforms only. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2850 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 2.8 AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-2852 P-2276V-8.5.4 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-2853 P-2276V-8.5.4 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-2854 P-2276V-8.5.4 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2276V-8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Security patch has been released CVE-2019-2855 P-2276V-8.5.4 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2276V-8.5.4 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2856 P-5242V-12.2.1.3.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-5242V-12.2.1.3.0 Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2857 P-9011V-19.0 and prior 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9011V-19.0 and prior Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Security patch has been released CVE-2019-2858 P-1980V-11.1.2.3.0 P-1980V-12.2.1.3.0 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1980V-11.1.2.3.0 P-1980V-12.2.1.3.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2019-2859 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle Hyperion Planning product of Oracle Hyperion (component: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). Security patch has been released CVE-2019-2861 P-4402V-11.1.2.4 4.2 AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-4402V-11.1.2.4 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 6.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H). Security patch has been released CVE-2019-2862 P-13497V-19.0.0 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-13497V-19.0.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). Security patch has been released CVE-2019-2863 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2019-2864 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2019-2865 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2019-2866 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2019-2867 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2868 P-2051V-12.1.6.1.23 P-2051V-12.1.6.1.26 P-2051V-12.1.6.1.29 P-2051V-12.1.6.1.36 P-2051V-12.1.6.2.23 P-2051V-12.1.6.2.32 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2051V-12.1.6.1.23 P-2051V-12.1.6.1.26 P-2051V-12.1.6.1.29 P-2051V-12.1.6.1.36 P-2051V-12.1.6.2.23 P-2051V-12.1.6.2.32 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2869 P-2051V-12.1.6.1.23 P-2051V-12.1.6.1.26 P-2051V-12.1.6.1.29 P-2051V-12.1.6.1.36 P-2051V-12.1.6.2.23 P-2051V-12.1.6.2.32 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2051V-12.1.6.1.23 P-2051V-12.1.6.1.26 P-2051V-12.1.6.1.29 P-2051V-12.1.6.1.36 P-2051V-12.1.6.2.23 P-2051V-12.1.6.2.32 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2870 P-2051V-12.1.6.1.23 P-2051V-12.1.6.1.26 P-2051V-12.1.6.1.29 P-2051V-12.1.6.1.36 P-2051V-12.1.6.2.23 P-2051V-12.1.6.2.32 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2051V-12.1.6.1.23 P-2051V-12.1.6.1.26 P-2051V-12.1.6.1.29 P-2051V-12.1.6.1.36 P-2051V-12.1.6.2.23 P-2051V-12.1.6.2.32 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-2871 P-2051V-12.1.6.1.23 P-2051V-12.1.6.1.26 P-2051V-12.1.6.1.29 P-2051V-12.1.6.1.36 P-2051V-12.1.6.2.23 P-2051V-12.1.6.2.32 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-2051V-12.1.6.1.23 P-2051V-12.1.6.1.26 P-2051V-12.1.6.1.29 P-2051V-12.1.6.1.36 P-2051V-12.1.6.2.23 P-2051V-12.1.6.2.32 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2873 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2874 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2875 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Security patch has been released CVE-2019-2876 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2877 P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8370V-Prior to 5.2.32 P-8370V-prior to 6.0.10 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) product of Oracle Systems (component: HTTP data path subsystems). The supported version that is affected is 8.8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Security patch has been released CVE-2019-2878 P-10026V-8.8.3 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10026V-8.8.3 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Security patch has been released CVE-2019-2879 P-8478V-8.0.16 and prior 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-8.0.16 and prior Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (cURL)). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-3822 P-9835V-12.3.3 P-9835V-12.4.0 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-9835V-12.3.3 P-9835V-12.4.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (cURL)). Supported versions that are affected are 5.7.26 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-3822 P-8478V-5.7.26 and prior P-8478V-8.0.15 and prior 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-8478V-5.7.26 and prior P-8478V-8.0.15 and prior Vulnerability in the Services Tools Bundle product of Oracle Support Tools (component: Utilities (cURL)). The supported version that is affected is 19.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Services Tools Bundle. Successful attacks of this vulnerability can result in takeover of Services Tools Bundle. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Security patch has been released CVE-2019-3822 P-1330V-19.2 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-1330V-19.2 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 11.4 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via IPv6 to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). Security patch has been released CVE-2019-5597 P-10006V-11.4 P-10006V-11.3 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10006V-11.4 P-10006V-11.3 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMPv6 to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). Security patch has been released CVE-2019-5598 P-10006V-11.4 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-10006V-11.4 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: AWT (libpng)). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H). Security patch has been released CVE-2019-7317 P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CPUJul2019 Oracle customers with valid support contracts https://www.oracle.com/security-alerts/cpujul2019-5072835.html P-856V-Java SE: 7u221 P-856V-8u212 P-856V-11.0.3 P-856V-12.0.1; Java SE Embedded: 8u211