This document provides the text form of the CPUJul2012 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJul2012 Advisory
This page contains the following text format Risk Matrices:
This table provides the text form of the Risk Matrix for Oracle Database Server.
CVE Identifier | Description |
---|---|
CVE-2012-1745 | Vulnerability in the Network Layer component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Network Layer. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1746 | Vulnerability in the Network Layer component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Network Layer. Note: The vulnerability affects Microsoft Windows platforms only. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1747 | Vulnerability in the Network Layer component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Network Layer. Note: The vulnerability affects Microsoft Windows platforms only. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3134 | Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Application Express Listener.
CVE Identifier | Description |
---|---|
CVE-2012-1740 | Vulnerability in the Oracle Application Express Listener component of Oracle Application Express Listener. Supported versions that are affected are 1.1-ea, 1.1.1, 1.1.2 and 1.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. Note: The CVSS Base Score is 7.8 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 5.0, and the impact for Confidentiality is Partial+. Application Express Listener is an Oracle product that is independent of Application Express, is not part of the Application Express distribution and can only be obtained via OTN downloads. It is used as an alternative method of providing TLS protected communication between Application Express and clients. Only those customers that have chosen to download and install this separate application need to apply this patch. CVSS Base Score 7.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Secure Backup.
CVE Identifier | Description |
---|---|
CVE-2011-3192 | Vulnerability in the Apache component of Oracle Secure Backup. Supported versions that are affected are 10.3.0.3 and 10.4.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2011-4885 | Vulnerability in the PHP component of Oracle Secure Backup. Supported versions that are affected are 10.3.0.3 and 10.4.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PHP. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
CVE Identifier | Description |
---|---|
CVE-2011-3368 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 10.1.3.5, 11.1.1.5 and 11.1.2.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2011-3562 | Vulnerability in the Portal component of Oracle Fusion Middleware. For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Portal accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2011-4317 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 10.1.3.5, 11.1.1.5, 11.1.1.6 and 11.1.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data. Note: This also addresses the vulnerabilities of CVE-2011-3607, CVE-2012-0021, CVE-2012-0031 and CVE-2012-0053. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-1736 | Vulnerability in the Oracle MapViewer component of Oracle Fusion Middleware (subcomponent: Oracle Maps). The supported version that is affected is 10.1.3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle MapViewer accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-1741 | Vulnerability in the Enterprise Manager for Fusion Middleware component of Oracle Fusion Middleware (subcomponent: User Administration Pages). The supported version that is affected is 10.1.3.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Fusion Middleware accessible data as well as read access to a subset of Enterprise Manager for Fusion Middleware accessible data. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2012-1744 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1749 | Vulnerability in the Oracle MapViewer component of Oracle Fusion Middleware (subcomponent: Oracle Maps). Supported versions that are affected are 10.1.3.1 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle MapViewer accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-1766 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1767 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1768 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1769 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1770 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1771 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1772 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1773 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3106 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3107 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3108 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3109 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3110 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3115 | Vulnerability in the Oracle MapViewer component of Oracle Fusion Middleware (subcomponent: Install). Supported versions that are affected are 10.1.3.1, 11.1.1.5 and 11.1.1.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle MapViewer accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-3135 | Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are 28.2.3 and before: JDK/JRE 5 and 6 and 27.7.2 and before: JKD/JRE 5 and 6. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Oracle released a Java SE Critical Patch Update in June 2012 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2012-3135 refers to the advisories that were applicable to JRockit from the Java SE Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all vulnerabilities addressed in JRockit under CVE-2012-3135 is as follows: CVE-2012-1713, CVE-2012-1724, CVE-2012-1718, CVE-2012-1717, and CVE-2012-1720. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Hyperion.
CVE Identifier | Description |
---|---|
CVE-2012-1729 | Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). Supported versions that are affected are 11.1.1.3 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion BI+ accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.
CVE Identifier | Description |
---|---|
CVE-2012-1737 | Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: DB Performance Advisories/UIs). Supported versions that are affected are EM Base Platform 10.2.0.5, EM Base Platform 11.1.0.1, EM Plugin for DB 12.1.0.1 and EM Plugin for DB 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Oracle Database accessible data as well as read access to a subset of Enterprise Manager for Oracle Database accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
CVE Identifier | Description |
---|---|
CVE-2012-1715 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: HTML Pages). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-1727 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Document Repository). Supported versions that are affected are 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-1730 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Password Management). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-1739 | Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Financials Business Intelligence). Supported versions that are affected are 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle E-Business Intelligence accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.
CVE Identifier | Description |
---|---|
CVE-2012-1758 | Vulnerability in the Oracle AutoVue component of Oracle Supply Chain Products Suite. Supported versions that are affected are 20.0.2 and 20.1. Easily exploitable vulnerability allows successful authenticated network attacks via File. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle AutoVue. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1759 | Vulnerability in the Oracle AutoVue component of Oracle Supply Chain Products Suite. Supported versions that are affected are 20.0.2 and 20.1. Easily exploitable vulnerability allows successful authenticated network attacks via File. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle AutoVue . CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3114 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite. Supported versions that are affected are 5.5.06, 6.0, 6.1 and 6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Transportation Management accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-3116 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite. Supported versions that are affected are 5.5.06, 6.0, 6.1 and 6.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-3117 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite. Supported versions that are affected are 5.5.06, 6.0, 6.1 and 6.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.
CVE Identifier | Description |
---|---|
CVE-2012-1733 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: CM). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-1748 | Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-1753 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PC). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized read access to all PeopleSoft Enterprise PeopleTools accessible data as well as update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data and ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 5.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2012-1762 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: TECH). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-1764 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MCF). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-3111 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: TECH). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-3113 | Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: EPERF). The supported version that is affected is 9.0.20. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2012-3118 | Vulnerability in the PeoleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PANPROC). The supported version that is affected is 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeoleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-3119 | Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.0.20. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP . Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Siebel CRM.
CVE Identifier | Description |
---|---|
CVE-2012-1728 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Portal Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data as well as read access to a subset of Siebel CRM accessible data. CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2012-1731 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Web UI). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data as well as read access to a subset of Siebel CRM accessible data and ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2012-1732 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-1742 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1754 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-1760 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1761 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Industry Applications.
CVE Identifier | Description |
---|---|
CVE-2012-1743 | Vulnerability in the Oracle Clinical Remote Data Capture Option component of Oracle Industry Applications (subcomponent: HTML Surround). Supported versions that are affected are 4.6.0.x, 4.6.2 and 4.6.3. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Clinical Remote Data Capture Option accessible data. CVSS Base Score 2.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.
CVE Identifier | Description |
---|---|
CVE-2001-0323 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
CVE-2008-4609 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9 and 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2011-0419 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Library/libc). Supported versions that are affected are 9 and 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2011-2699 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via IPv6. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2011-4358 | Vulnerability in the GlassFish Enterprise Server component of Oracle Sun Products Suite (subcomponent: JSF). Supported versions that are affected are 3.0.1 and 3.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some GlassFish Enterprise Server accessible data as well as read access to a subset of GlassFish Enterprise Server accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2012-0563 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kerberos/klist). Supported versions that are affected are 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1687 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Logical Domains (LDOM)). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data. CVSS Base Score 5.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:C). (legend) [Advisory] |
CVE-2012-1738 | Vulnerability in the Oracle iPlanet Web Server component of Oracle Sun Products Suite (subcomponent: Web Server). Supported versions that are affected are Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle iPlanet Web Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1750 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: mailx(1)). Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2012-1752 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/NFS). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2012-1765 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Branded Zone). The supported version that is affected is 10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location. CVSS Base Score 4.7 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:C/A:N). (legend) [Advisory] |
CVE-2012-3112 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Solaris Management Console). The supported version that is affected is 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-3120 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). The supported version that is affected is 8. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2012-3121 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: in.tnamed(1M)). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via NameServer. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3122 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: sort(1)). Supported versions that are affected are 8 and 9. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. CVSS Base Score 2.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2012-3123 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Apache HTTP Server). The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-3124 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/KSSL). The supported version that is affected is 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3125 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9 and 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2012-3126 | Vulnerability in the Solaris Cluster component of Oracle Sun Products Suite (subcomponent: Apache Tomcat Agent). The supported version that is affected is 3.3. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2012-3127 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: SCTP(7P)). The supported version that is affected is 10. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SCTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 5.4 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2012-3128 | Vulnerability in the SPARC T-Series Servers component of Oracle Sun Products Suite (subcomponent: Integrated Lights Out Manager). Supported versions that are affected are System Firmware 8.1.4.e or earlier and System Firmware 8.2.0. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SPARC T-Series Servers accessible data as well as read access to a subset of SPARC T-Series Servers accessible data and ability to cause a partial denial of service (partial DOS) of SPARC T-Series Servers. Note: CVE-2012-3128: Specific server products affected are: SPARC T4-1, SPARC T4-1B, SPARC T4-2, SPARC T4-4, Netra SPARC T4-1, Netra SPARC T4-1B, Netra SPARC T4-2, SPARC T3-1, SPARC T3-1B, SPARC T3-2, SPARC T3-4, Netra SPARC T3-1, Netra SPARC T3-1B. CVSS Base Score 3.7 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2012-3129 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Gnome PDF viewer). The supported version that is affected is 10. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 5.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2012-3130 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: pkg.depotd(1M)). The supported version that is affected is 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-3131 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Network/NFS). Supported versions that are affected are 9, 10 and 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via NFS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle MySQL.
CVE Identifier | Description |
---|---|
CVE-2012-0540 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.1.62 and earlier and 5.5.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1689 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.62 and earlier and 5.5.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1734 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.62 and earlier and 5.5.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1735 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2012-1756 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.5.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1757 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |