Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices

This document provides the text form of the CPUJul2015 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJul2015 Advisory.

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier Description
CVE-2015-0468 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Analyze Any or Create Materialized View privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3 and 12.1.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).
CVE-2015-2585 Vulnerability in the Application Express component of Oracle Database Server. This vulnerability requires Valid Account privileges for a successful attack. The supported version that is affected is All versions prior to 5.0. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Application Express.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P).
CVE-2015-2586 Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is All releases prior to 4.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Application Express.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).
CVE-2015-2595 Vulnerability in the Oracle OLAP component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Oracle OLAP possibly including arbitrary code execution within the Oracle OLAP.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).
CVE-2015-2599 Vulnerability in the RDBMS Scheduler component of Oracle Database Server. This vulnerability requires Alter Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Scheduler accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2015-2629 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS score is 9.0 only on Windows for Database versions prior to 12c. The CVSS is 6.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C).
CVE-2015-2655 Vulnerability in the Application Express component of Oracle Database Server. This vulnerability requires Valid Account privileges for a successful attack. The supported version that is affected is All versions prior to 4.2.3.00.08. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Application Express accessible data as well as read access to a subset of Application Express accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2015-4740 Vulnerability in the RDBMS Partitioning component of Oracle Database Server. This vulnerability requires Create Session, Create Any Index, Index object privilege on a Table privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of RDBMS Partitioning possibly including arbitrary code execution within the RDBMS Partitioning.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).
CVE-2015-4753 Vulnerability in the RDBMS Support Tools component of Oracle Database Server. Supported versions that are affected are 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Support Tools accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).
CVE-2015-4755 Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier Description
CVE-2013-2186 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 11.1.1.7 and 11.1.1.9. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Business Intelligence Enterprise Edition accessible data as well as read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2014-1568 Vulnerability in the Oracle Directory Server Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Admin Server). Supported versions that are affected are 7.0 and 11.1.1.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Directory Server Enterprise Edition accessible data as well as read access to a subset of Oracle Directory Server Enterprise Edition accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Directory Server Enterprise Edition.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2014-1568 Vulnerability in the Oracle OpenSSO component of Oracle Fusion Middleware (subcomponent: Web Agents). Supported versions that are affected are 3.0-05. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle OpenSSO accessible data as well as read access to a subset of Oracle OpenSSO accessible data and ability to cause a partial denial of service (partial DOS) of Oracle OpenSSO.

Note: This fix also addresses CVE-2014-1569.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2014-1568 Vulnerability in the Oracle Traffic Director component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Traffic Director accessible data as well as read access to a subset of Oracle Traffic Director accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Traffic Director.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2014-1569 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 2.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data as well as read access to a subset of Oracle GlassFish Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2014-1569 Vulnerability in the Oracle iPlanet Web Proxy Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iPlanet Web Proxy Server accessible data as well as read access to a subset of Oracle iPlanet Web Proxy Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle iPlanet Web Proxy Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2014-1569 Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 6.1 and 7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iPlanet Web Server accessible data as well as read access to a subset of Oracle iPlanet Web Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle iPlanet Web Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2014-3566 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Network Encryption). Supported versions that are affected are SALT 10.3 and SALT 11.1.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).
CVE-2014-3567 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Network Encryption). The supported version that is affected is Tuxedo 12.1.1.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).
CVE-2014-3571 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Network Encryption). The supported version that is affected is Tuxedo 12.1.1.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2014-7809 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Community). Supported versions that are affected are 11.1.1.6.1 Community, 11.1.1.8.0 Community and 12.2.1.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-0286 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Network Encryption). The supported version that is affected is Tuxedo 12.1.1.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2015-0286 Vulnerability in the Oracle Exalogic Infrastructure component of Oracle Fusion Middleware (subcomponent: Network Infra Framework). The supported version that is affected is 2.0.6.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Exalogic Infrastructure.

Note: The fix also addresses CVE-2015-0204, CVE-2015-0288, CVE-2015-0291, CVE-2015-0289, CVE-2015-0287, CVE-2015-0285, CVE-2015-0209, CVE-2015-0290, CVE-2015-0208, CVE-2015-0207, CVE-2015-0293, CVE-2015-0292 and CVE-2015-1787.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2015-0443 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-0444 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-0445 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-0446 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-1926 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). Supported versions that are affected are 11.1.1.8.0 and 11.1.1.9.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Portal accessible data as well as read access to a subset of Oracle WebCenter Portal accessible data.

Note: Please refer to My Oracle Support Note 2029169.1 for instructions on how to address this issue. This fix also addresses CVE-2015-3244.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2015-2593 Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Configuration Service). The supported version that is affected is 11.1.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location.

CVSS Base Score 7.1 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:A/AC:L/Au:S/C:C/I:C/A:N).
CVE-2015-2598 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Mobile - iPad). The supported version that is affected is All versions prior to mobile app 11.1.1.7.0 (11.6.39). Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Business Intelligence Enterprise Edition accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).
CVE-2015-2602 Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2015-2603 Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2015-2604 Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2015-2605 Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2015-2606 Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2015-2623 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Supported versions that are affected are 10.3.6.0, 12.1.1.0, 12.1.2.0 and 12.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2015-2623 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Supported versions that are affected are 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2015-2634 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-2635 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-2636 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-2658 Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL/TLS Support). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).
CVE-2015-4742 Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle JDeveloper.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2015-4744 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0, 12.1.1.0, 12.1.2.0 and 12.1.3.0. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data.

CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N).
CVE-2015-4744 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data.

CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N).
CVE-2015-4745 Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2015-4747 Vulnerability in the Oracle Event Processing component of Oracle Fusion Middleware (subcomponent: CEP system). Supported versions that are affected are 11.1.1.7 and 12.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Event Processing accessible data as well as read access to a subset of Oracle Event Processing accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Event Processing.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2015-4751 Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported versions that are affected are 11.1.1.7 and 11.1.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Access Manager.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4758 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2015-4759 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Hyperion

This table provides the text form of the Risk Matrix for Oracle Hyperion.

CVE Identifier Description
CVE-2012-0036 Vulnerability in the Hyperion Essbase component of Oracle Hyperion (subcomponent: Infrastructure). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion Essbase accessible data as well as read access to a subset of Hyperion Essbase accessible data and ability to cause a partial denial of service (partial DOS) of Hyperion Essbase.

Note: This fix also addresses CVE-2011-3389, CVE-2013-0249, CVE-2013-2174, CVE-2013-4545, CVE-2013-6422, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2014-3613, CVE-2014-3707.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2015-2584 Vulnerability in the Hyperion Enterprise Performance Management Architect component of Oracle Hyperion (subcomponent: Security). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion Enterprise Performance Management Architect accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2592 Vulnerability in the Hyperion Enterprise Performance Management Architect component of Oracle Hyperion (subcomponent: Security). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion Enterprise Performance Management Architect accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-4773 Vulnerability in the Hyperion Common Security component of Oracle Hyperion (subcomponent: User Account Update). Supported versions that are affected are 11.1.2.2, 11.1.2.3 and 11.1.2.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Common Security.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier Description
CVE-2015-2646 Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Supported versions that are affected are EM Base Platform: 11.1.0.1; EM Plugin for DB: 12.1.0.5, 12.1.0.6, 12.1.0.7; EM DB Control: 11.1.0.7, 11.2.0.3 and 11.2.0.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Oracle Database accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2647 Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Supported versions that are affected are EM Base Platform: 11.1.0.1; EM Plugin for DB: 12.1.0.5, 12.1.0.6, 12.1.0.7; EM DB Control: 11.1.0.7, 11.2.0.3 and 11.2.0.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Enterprise Manager for Oracle Database accessible data as well as read access to all Enterprise Manager for Oracle Database accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-4735 Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: RAC Management). Supported versions that are affected are EM Base Platform: 11.1.0.1; EM DB Control: 11.2.0.3 and 11.2.0.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager for Oracle Database accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier Description
CVE-2014-3571 Vulnerability in the Oracle HTTP Server component of Oracle E-Business Suite (subcomponent: OpenSSL). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-1926 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Portal). Supported versions that are affected are 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2610 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows). Supported versions that are affected are 12.0.6, 12.1.3, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2615 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Portal). Supported versions that are affected are 12.0.6, 12.1.3 and 12.2.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2618 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Input validation). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.3 and 12.2.4. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2630 Vulnerability in the Technology stack component of Oracle E-Business Suite (subcomponent: Applet startup). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Technology stack accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2645 Vulnerability in the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite (subcomponent: Create document). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Web Applications Desktop Integrator accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2652 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Web Management). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Marketing accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-4728 Vulnerability in the Oracle Sourcing component of Oracle E-Business Suite (subcomponent: Bid/Quote creation). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Sourcing accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-4739 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Help screens). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-4741 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Dialog popup). The supported version that is affected is 12.2.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-4743 Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). The supported version that is affected is 12.2.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications DBA accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-4765 Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Dashboard). Supported versions that are affected are 12.1.3, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Manager accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier Description
CVE-2015-2644 Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: Security). The supported version that is affected is 9.3.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM Framework accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2657 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Business Process Automation). Supported versions that are affected are 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2660 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Oracle Agile PLM Framework). The supported version that is affected is 9.3.4. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM accessible data as well as read access to a subset of Oracle Agile PLM accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-2663 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Business Process Automation). Supported versions that are affected are 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location as well as update, insert or delete access to all Oracle Transportation Management accessible data.

CVSS Base Score 7.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:P/A:N). (legend) [Advisory]
CVE-2015-4746 Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Global Spec Management). Supported versions that are affected are 6.0.0.7, 6.1.0.3, 6.1.1.5 and 6.2.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-4763 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). The supported version that is affected is 9.3.4. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM accessible data as well as read access to a subset of Oracle Agile PLM accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-4768 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Diagnostics). Supported versions that are affected are 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle PeopleSoft Products

This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier Description
CVE-2015-0286 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-0467 Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HCM Talent Acquisition Manager accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2588 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.53 and 8.54. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2591 Vulnerability in the PeopleSoft Enterprise Portal - Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise Portal - Interaction Hub accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2622 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). The supported version that is affected is 8.54. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2650 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-3456 Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft-VM). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via None, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4738 Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Candidate Gateway accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Siebel CRM

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.

CVE Identifier Description
CVE-2013-2251 Vulnerability in the Siebel Apps - E-Billing component of Oracle Siebel CRM (subcomponent: Security). Supported versions that are affected are 6.1, 6.1.1 and 6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2587 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: SWSE Server Infrastructure). Supported versions that are affected are 8.1.1, 8.2.2 and 15.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel UI Framework accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2600 Vulnerability in the Siebel Core - Server OM Svcs component of Oracle Siebel CRM (subcomponent: Security). Supported versions that are affected are 8.1.1, 8.2.2 and 15.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server OM Svcs accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2612 Vulnerability in the Siebel Core - Server OM Svcs component of Oracle Siebel CRM (subcomponent: LDAP Security Adapter). Supported versions that are affected are 8.1.1, 8.2.2 and 15.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server OM Svcs accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2649 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 8.1.1, 8.22 and 15.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Commerce Platform

This table provides the text form of the Risk Matrix for Oracle Commerce Platform.

CVE Identifier Description
CVE-2015-2607 Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce Platform (subcomponent: Content Acquisition System). Supported versions that are affected are 3.0.2, 3.1.1, 3.1.2, 11.0 and 11.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2653 Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce Platform (subcomponent: Content Acquisition System). Supported versions that are affected are 3.1.1, 3.1.2, 11.0 and 11.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data as well as read access to a subset of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Communications Applications

This table provides the text form of the Risk Matrix for Oracle Communications Applications.

CVE Identifier Description
CVE-2014-1569 Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is 7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Messaging Server accessible data as well as read access to a subset of Oracle Communications Messaging Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Messaging Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2015-0235 Vulnerability in the Oracle Communications Session Border Controller component of Oracle Communications Applications (subcomponent: Glibc). The supported version that is affected is Versions prior to 7.2.0m4. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Java SE

This table provides the text form of the Risk Matrix for Oracle Java SE.

CVE Identifier Description
CVE-2015-2590 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2596 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). The supported version that is affected is Java SE 7u80. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2597 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE 7u80 and Java SE 8u45. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to Mac OS X only.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2601 Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JRockit, Java SE Embedded accessible data.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2613 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2619 Vulnerability in the Java SE, JavaFX, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 7u80, Java SE 8u45, JavaFX 2.2.80, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JavaFX, Java SE Embedded accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2621 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2625 Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JRockit, Java SE Embedded accessible data.

Note: Applies to client and server deployment of JSSE.

CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2627 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE 6u95, Java SE 7u80 and Java SE 8u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.

Note: Applies to installation process on client deployment of Java.

CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2628 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2632 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 6u95, Java SE 7u80 and Java SE 8u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2637 Vulnerability in the Java SE, JavaFX, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JavaFX 2.2.80, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JavaFX, Java SE Embedded accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2638 Vulnerability in the Java SE, JavaFX, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JavaFX 2.2.80, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2659 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 8u45 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-2664 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u95, Java SE 7u80 and Java SE 8u45. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2808 Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit, Java SE Embedded accessible data as well as read access to a subset of Java SE, JRockit, Java SE Embedded accessible data.

Note: Applies to client and server deployment of JSSE.

CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-4000 Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit, Java SE Embedded accessible data as well as read access to a subset of Java SE, JRockit, Java SE Embedded accessible data.

Note: Applies to client and server deployment of JSSE.

CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-4729 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u80 and Java SE 8u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-4731 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4732 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4733 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4736 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u80 and Java SE 8u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4748 Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4749 Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit, Java SE Embedded.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4760 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 6u95, Java SE 7u80 and Java SE 8u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Sun Systems Products Suite

This table provides the text form of the Risk Matrix for Oracle Sun Systems Products Suite.

CVE Identifier Description
CVE-2013-5704 Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: Apache HTTP Server). The supported version that is affected is XCP prior to XCP 1120. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-3570 Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: OpenSSL). The supported version that is affected is XCP prior to XCP 1120. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized read access to a subset of SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers accessible data.

Note: This fix also addresses CVE-2014-3572, CVE-2014-8275 and CVE-2015-0204.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-3571 Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: OpenSSL). Supported versions that are affected are Sun System Firmware prior to 8.7.2.b and 9.4.2e. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Integrated Lights Out Manager (ILOM).

Note: This fix also addresses CVE-2015-0206, CVE-2015-0205, CVE-2015-0204, CVE-2014-8275, CVE-2014-3572, CVE-2014-3570 and CVE-2014-3569.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-3571 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S Servers component of Oracle Sun Systems Products Suite (subcomponent: OpenSSL). The supported version that is affected is XCP prior to XCP 2260. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Fujitsu M10-1, M10-4, M10-4S Servers.

Note: This fix also addresses CVE-2014-3570, CVE-2014-3572, CVE-2014-8275 and CVE-2015-0204.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-0235 Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP 1120. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-0235 Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Glibc). Supported versions that are affected are Sun System Firmware prior to 8.7.2.b and 9.4.2e. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-0235 Vulnerability in the Oracle Ethernet Switch ES2-72, Oracle Ethernet Switch ES2-64 component of Oracle Sun Systems Products Suite (subcomponent: Glibc). Supported versions that are affected are versions prior to 1.9.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-0235 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP 2260. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2580 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-2589 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: S10 Branded Zone). Supported versions that are affected are 10 and 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2015-2609 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CPU performance counters drivers). The supported version that is affected is 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2015-2614 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NVM Express SSD driver). The supported version that is affected is 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2015-2616 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: DevFS). Supported versions that are affected are 3.3 and 4.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2015-2631 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: rmformat Utility). Supported versions that are affected are 10 and 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2651 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.2. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 3.8 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2015-2662 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Server). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4750 Vulnerability in the Oracle VM Server for SPARC component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). The supported version that is affected is 3.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM Server for SPARC.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4770 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: UNIX filesystem). Supported versions that are affected are 10 and 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier Description
CVE-2010-1324 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Kerberos). Supported versions that are affected are 4.63, 4.71, 5.1 and 5.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via Kerberos. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data.

Note: This fix also addresses CVE-2010-1323 and CVE-2010-4020.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-0227 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are 4.63, 4.71 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2014-0230 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are 4.63, 4.71 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2014-3571 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: OpenSSL). Supported versions that are affected are 4.63, 4.71 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

Note: This fix also addresses CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205 and CVE-2015-0206.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-8102 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: X Server). Supported versions that are affected are 4.63, 4.71, 5.1 and 5.2. Easily exploitable vulnerability allows successful authenticated network attacks via X11. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data as well as read access to a subset of Oracle Secure Global Desktop accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

Note: This fix also addresses CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8100 and CVE-2014-8101.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2015-0255 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: X Server). Supported versions that are affected are 4.63, 4.71, 5.1 and 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via X11. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

CVSS Base Score 6.4 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory]
CVE-2015-0286 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: OpenSSL). Supported versions that are affected are 4.63, 4.71, 5.1 and 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

Note: This fix also addresses CVE-2015-0287 and CVE-2015-0289. This fix also addresses CVE-2015-0204 in SGD 4.63, 4.71 and 5.1.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-1803 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: LibXFont). Supported versions that are affected are 4.63, 4.71, 5.1 and 5.2. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.

Note: This fix also addresses CVE-2015-1802 and CVE-2015-1804.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2581 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: JServer). Supported versions that are affected are 5.1 and 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

CVSS Base Score 6.4 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory]
CVE-2015-2594 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.32, 4.1.40, 4.2.32 and 4.3.30. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.

Note: This issue affects Windows, Linux and Mac OS X hosts only when guests are using bridged networking over Wi-Fi. Solaris hosts don't support this mode and are therefore not affected by this issue.

CVSS Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4727 Vulnerability in the Sun Ray Software component of Oracle Virtualization (subcomponent: Web Console). The supported version that is affected is Sun Ray Software prior to 5.4.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Sun Ray Software accessible data as well as read access to a subset of Sun Ray Software accessible data and ability to cause a partial denial of service (partial DOS) of Sun Ray Software.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle MySQL

This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE Identifier Description
CVE-2015-2582 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : GIS). Supported versions that are affected are 5.5.43 and earlier and 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-2611 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : DML). Supported versions that are affected are 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-2617 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2015-2620 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.43 and earlier and 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-2639 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Firewall). Supported versions that are affected are 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-2641 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-2643 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Optimizer). Supported versions that are affected are 5.5.43 and earlier and 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-2648 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : DML). Supported versions that are affected are 5.5.43 and earlier and 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-2661 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client). Supported versions that are affected are 5.6.24 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4737 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.5.43 and earlier and 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-4752 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : I_S). Supported versions that are affected are 5.5.43 and earlier and 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4756 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : InnoDB). Supported versions that are affected are 5.6.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4757 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Optimizer). Supported versions that are affected are 5.5.42 and earlier and 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4761 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Memcached). Supported versions that are affected are 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4767 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Firewall). Supported versions that are affected are 5.6.24 and earlier. Very difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4769 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Firewall). Supported versions that are affected are 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4771 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : RBR). Supported versions that are affected are 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4772 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Berkeley DB

This table provides the text form of the Risk Matrix for Oracle Berkeley DB.

CVE Identifier Description
CVE-2015-2583 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2624 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2626 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2640 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2654 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-2656 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4754 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4764 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4774 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Data Store accessible data and ability to cause a partial denial of service (partial DOS) of Data Store.

CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2015-4775 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4776 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4777 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4778 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4779 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Data Store accessible data and ability to cause a partial denial of service (partial DOS) of Data Store.

CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2015-4780 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4781 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4782 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4783 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4784 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4785 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4786 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4787 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4788 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Data Store accessible data and ability to cause a partial denial of service (partial DOS) of Data Store.

CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2015-4789 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-4790 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]