This document provides the text form of the CPUJul2015 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJul2015 Advisory
This page contains the following text format Risk Matrices:
This table provides the text form of the Risk Matrix for Oracle Database Server.
CVE Identifier | Description |
---|---|
CVE-2015-0468 | Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Analyze Any or Create Materialized View privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3 and 12.1.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2585 | Vulnerability in the Application Express component of Oracle Database Server. This vulnerability requires Valid Account privileges for a successful attack. The supported version that is affected is All versions prior to 5.0. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Application Express. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-2586 | Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is All releases prior to 4.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Application Express. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-2595 | Vulnerability in the Oracle OLAP component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Oracle OLAP possibly including arbitrary code execution within the Oracle OLAP. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2599 | Vulnerability in the RDBMS Scheduler component of Oracle Database Server. This vulnerability requires Alter Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Scheduler accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2629 | Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS score is 9.0 only on Windows for Database versions prior to 12c. The CVSS is 6.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2655 | Vulnerability in the Application Express component of Oracle Database Server. This vulnerability requires Valid Account privileges for a successful attack. The supported version that is affected is All versions prior to 4.2.3.00.08. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Application Express accessible data as well as read access to a subset of Application Express accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-4740 | Vulnerability in the RDBMS Partitioning component of Oracle Database Server. This vulnerability requires Create Session, Create Any Index, Index object privilege on a Table privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of RDBMS Partitioning possibly including arbitrary code execution within the RDBMS Partitioning. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-4753 | Vulnerability in the RDBMS Support Tools component of Oracle Database Server. Supported versions that are affected are 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Support Tools accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-4755 | Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
CVE Identifier | Description |
---|---|
CVE-2013-2186 | Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 11.1.1.7 and 11.1.1.9. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Business Intelligence Enterprise Edition accessible data as well as read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-1568 | Vulnerability in the Oracle Directory Server Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Admin Server). Supported versions that are affected are 7.0 and 11.1.1.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Directory Server Enterprise Edition accessible data as well as read access to a subset of Oracle Directory Server Enterprise Edition accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Directory Server Enterprise Edition. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-1568 | Vulnerability in the Oracle OpenSSO component of Oracle Fusion Middleware (subcomponent: Web Agents). Supported versions that are affected are 3.0-05. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle OpenSSO accessible data as well as read access to a subset of Oracle OpenSSO accessible data and ability to cause a partial denial of service (partial DOS) of Oracle OpenSSO. Note: This fix also addresses CVE-2014-1569. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-1568 | Vulnerability in the Oracle Traffic Director component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Traffic Director accessible data as well as read access to a subset of Oracle Traffic Director accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Traffic Director. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-1569 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 2.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data as well as read access to a subset of Oracle GlassFish Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-1569 | Vulnerability in the Oracle iPlanet Web Proxy Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iPlanet Web Proxy Server accessible data as well as read access to a subset of Oracle iPlanet Web Proxy Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle iPlanet Web Proxy Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-1569 | Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 6.1 and 7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iPlanet Web Server accessible data as well as read access to a subset of Oracle iPlanet Web Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle iPlanet Web Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2014-3566 | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Network Encryption). Supported versions that are affected are SALT 10.3 and SALT 11.1.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2014-3567 | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Network Encryption). The supported version that is affected is Tuxedo 12.1.1.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2014-3571 | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Network Encryption). The supported version that is affected is Tuxedo 12.1.1.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2014-7809 | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Community). Supported versions that are affected are 11.1.1.6.1 Community, 11.1.1.8.0 Community and 12.2.1.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-0286 | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Network Encryption). The supported version that is affected is Tuxedo 12.1.1.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-0286 | Vulnerability in the Oracle Exalogic Infrastructure component of Oracle Fusion Middleware (subcomponent: Network Infra Framework). The supported version that is affected is 2.0.6.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Exalogic Infrastructure. Note: The fix also addresses CVE-2015-0204,CVE-2015-0288,CVE-2015-0291,CVE-2015-0289,CVE-2015-0287,CVE-2015-0285,CVE-2015-0209,CVE-2015-0290,CVE-2015-0208,CVE-2015-0207,CVE-2015-0293,CVE-2015-0292 and CVE-2015-1787. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-0443 | Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-0444 | Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-0445 | Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-0446 | Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-1926 | Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). Supported versions that are affected are 11.1.1.8.0 and 11.1.1.9.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Portal accessible data as well as read access to a subset of Oracle WebCenter Portal accessible data. Note: Please refer to My Oracle Support Note 2029169.1 for instructions on how to address this issue.This fix also addresses CVE-2015-3244. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-2593 | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Configuration Service). The supported version that is affected is 11.1.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location. CVSS Base Score 7.1 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:A/AC:L/Au:S/C:C/I:C/A:N). (legend) [Advisory] |
CVE-2015-2598 | Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Mobile - iPad). The supported version that is affected is All versions prior to mobile app 11.1.1.7.0 (11.6.39). Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Business Intelligence Enterprise Edition accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2602 | Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2603 | Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2604 | Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2605 | Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2606 | Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2623 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Supported versions that are affected are 10.3.6.0, 12.1.1.0, 12.1.2.0 and 12.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2623 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Supported versions that are affected are 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2634 | Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2635 | Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2636 | Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2658 | Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL/TLS Support). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-4742 | Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle JDeveloper. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4744 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0, 12.1.1.0, 12.1.2.0 and 12.1.3.0. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-4744 | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data. CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-4745 | Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Integrator). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-4747 | Vulnerability in the Oracle Event Processing component of Oracle Fusion Middleware (subcomponent: CEP system). Supported versions that are affected are 11.1.1.7 and 12.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Event Processing accessible data as well as read access to a subset of Oracle Event Processing accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Event Processing. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-4751 | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported versions that are affected are 11.1.1.7 and 11.1.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Access Manager. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4758 | Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-4759 | Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Data Quality based on Trillium). The supported version that is affected is 11.1.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Data Integrator accessible data as well as read access to a subset of Oracle Data Integrator accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Hyperion.
CVE Identifier | Description |
---|---|
CVE-2012-0036 | Vulnerability in the Hyperion Essbase component of Oracle Hyperion (subcomponent: Infrastructure). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion Essbase accessible data as well as read access to a subset of Hyperion Essbase accessible data and ability to cause a partial denial of service (partial DOS) of Hyperion Essbase. Note: This fix also addresses CVE-2011-3389, CVE-2013-0249, CVE-2013-2174, CVE-2013-4545, CVE-2013-6422, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2014-3613, CVE-2014-3707 . CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2584 | Vulnerability in the Hyperion Enterprise Performance Management Architect component of Oracle Hyperion (subcomponent: Security). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion Enterprise Performance Management Architect accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2592 | Vulnerability in the Hyperion Enterprise Performance Management Architect component of Oracle Hyperion (subcomponent: Security). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Hyperion Enterprise Performance Management Architect accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-4773 | Vulnerability in the Hyperion Common Security component of Oracle Hyperion (subcomponent: User Account Update). Supported versions that are affected are 11.1.2.2, 11.1.2.3 and 11.1.2.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Common Security . CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.
CVE Identifier | Description |
---|---|
CVE-2015-2646 | Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Supported versions that are affected are EM Base Platform: 11.1.0.1; EM Plugin for DB: 12.1.0.5, 12.1.0.6, 12.1.0.7; EM DB Control: 11.1.0.7, 11.2.0.3 and 11.2.0.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Oracle Database accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2647 | Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Supported versions that are affected are EM Base Platform: 11.1.0.1; EM Plugin for DB: 12.1.0.5, 12.1.0.6, 12.1.0.7; EM DB Control: 11.1.0.7, 11.2.0.3 and 11.2.0.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Enterprise Manager for Oracle Database accessible data as well as read access to all Enterprise Manager for Oracle Database accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-4735 | Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: RAC Management). Supported versions that are affected are EM Base Platform: 11.1.0.1; EM DB Control: 11.2.0.3 and 11.2.0.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager for Oracle Database accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
CVE Identifier | Description |
---|---|
CVE-2014-3571 | Vulnerability in the Oracle HTTP Server component of Oracle E-Business Suite (subcomponent: OpenSSL). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-1926 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Portal). Supported versions that are affected are 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2610 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows). Supported versions that are affected are 12.0.6, 12.1.3, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2615 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Portal). Supported versions that are affected are 12.0.6, 12.1.3 and 12.2.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2618 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Input validation). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.3 and 12.2.4. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2630 | Vulnerability in the Technology stack component of Oracle E-Business Suite (subcomponent: Applet startup). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Technology stack accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2645 | Vulnerability in the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite (subcomponent: Create document). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Web Applications Desktop Integrator accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2652 | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Web Management). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Marketing accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-4728 | Vulnerability in the Oracle Sourcing component of Oracle E-Business Suite (subcomponent: Bid/Quote creation). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Sourcing accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-4739 | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Help screens). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-4741 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Dialog popup). The supported version that is affected is 12.2.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-4743 | Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). The supported version that is affected is 12.2.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications DBA accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-4765 | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Dashboard). Supported versions that are affected are 12.1.3, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Manager accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.
CVE Identifier | Description |
---|---|
CVE-2015-2644 | Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: Security). The supported version that is affected is 9.3.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM Framework accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2657 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Business Process Automation). Supported versions that are affected are 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2660 | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Oracle Agile PLM Framework). The supported version that is affected is 9.3.4. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM accessible data as well as read access to a subset of Oracle Agile PLM accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-2663 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Business Process Automation). Supported versions that are affected are 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location as well as update, insert or delete access to all Oracle Transportation Management accessible data. CVSS Base Score 7.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:P/A:N). (legend) [Advisory] |
CVE-2015-4746 | Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Global Spec Management). Supported versions that are affected are 6.0.0.7, 6.1.0.3, 6.1.1.5 and 6.2.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-4763 | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). The supported version that is affected is 9.3.4. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM accessible data as well as read access to a subset of Oracle Agile PLM accessible data. CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-4768 | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Diagnostics). Supported versions that are affected are 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.
CVE Identifier | Description |
---|---|
CVE-2015-0286 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-0467 | Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HCM Talent Acquisition Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2588 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.53 and 8.54. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2591 | Vulnerability in the PeopleSoft Enterprise Portal - Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise Portal - Interaction Hub accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2622 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). The supported version that is affected is 8.54. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2650 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-3456 | Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleSoft-VM). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via None, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4738 | Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Candidate Gateway accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Siebel CRM.
CVE Identifier | Description |
---|---|
CVE-2013-2251 | Vulnerability in the Siebel Apps - E-Billing component of Oracle Siebel CRM (subcomponent: Security). Supported versions that are affected are 6.1, 6.1.1 and 6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2587 | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: SWSE Server Infrastructure). Supported versions that are affected are 8.1.1, 8.2.2 and 15.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel UI Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2600 | Vulnerability in the Siebel Core - Server OM Svcs component of Oracle Siebel CRM (subcomponent: Security). Supported versions that are affected are 8.1.1, 8.2.2 and 15.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server OM Svcs accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2612 | Vulnerability in the Siebel Core - Server OM Svcs component of Oracle Siebel CRM (subcomponent: LDAP Security Adapter). Supported versions that are affected are 8.1.1, 8.2.2 and 15.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server OM Svcs accessible data. CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2649 | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 8.1.1, 8.22 and 15.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Commerce Platform.
CVE Identifier | Description |
---|---|
CVE-2015-2607 | Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce Platform (subcomponent: Content Acquisition System). Supported versions that are affected are 3.0.2, 3.1.1, 3.1.2, 11.0 and 11.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2653 | Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce Platform (subcomponent: Content Acquisition System). Supported versions that are affected are 3.1.1, 3.1.2, 11.0 and 11.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data as well as read access to a subset of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Communications Applications.
CVE Identifier | Description |
---|---|
CVE-2014-1569 | Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is 7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Messaging Server accessible data as well as read access to a subset of Oracle Communications Messaging Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Messaging Server. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-0235 | Vulnerability in the Oracle Communications Session Border Controller component of Oracle Communications Applications (subcomponent: Glibc). The supported version that is affected is Versions prior to 7.2.0m4. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Java SE.
CVE Identifier | Description |
---|---|
CVE-2015-2590 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2596 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). The supported version that is affected is Java SE 7u80. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2597 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE 7u80 and Java SE 8u45. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to Mac OS X only. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2601 | Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JRockit, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2613 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2619 | Vulnerability in the Java SE, JavaFX, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 7u80, Java SE 8u45, JavaFX 2.2.80, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JavaFX, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2621 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2625 | Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JRockit, Java SE Embedded accessible data. Note: Applies to client and server deployment of JSSE. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2627 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE 6u95, Java SE 7u80 and Java SE 8u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to installation process on client deployment of Java. CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2628 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2632 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 6u95, Java SE 7u80 and Java SE 8u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2637 | Vulnerability in the Java SE, JavaFX, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JavaFX 2.2.80, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JavaFX, Java SE Embedded accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2638 | Vulnerability in the Java SE, JavaFX, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JavaFX 2.2.80, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2659 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 8u45 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-2664 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u95, Java SE 7u80 and Java SE 8u45. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2808 | Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit, Java SE Embedded accessible data as well as read access to a subset of Java SE, JRockit, Java SE Embedded accessible data. Note: Applies to client and server deployment of JSSE. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-4000 | Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit, Java SE Embedded accessible data as well as read access to a subset of Java SE, JRockit, Java SE Embedded accessible data. Note: Applies to client and server deployment of JSSE. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-4729 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u80 and Java SE 8u45. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2015-4731 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4732 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4733 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE Embedded 7u75 and Java SE Embedded 8u33. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4736 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u80 and Java SE 8u45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4748 | Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4749 | Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE 6u95, Java SE 7u80, Java SE 8u45, JRockit R28.3.6, Java SE Embedded 7u75 and Java SE Embedded 8u33. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4760 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 6u95, Java SE 7u80 and Java SE 8u45. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Sun Systems Products Suite.
CVE Identifier | Description |
---|---|
CVE-2013-5704 | Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: Apache HTTP Server). The supported version that is affected is XCP prior to XCP 1120. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2014-3570 | Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: OpenSSL). The supported version that is affected is XCP prior to XCP 1120. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized read access to a subset of SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers accessible data. Note: This fix also addresses CVE-2014-3572, CVE-2014-8275 and CVE-2015-0204. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2014-3571 | Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: OpenSSL). Supported versions that are affected are Sun System Firmware prior to 8.7.2.b and 9.4.2e. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Integrated Lights Out Manager (ILOM). Note: This fix also addresses CVE-2015-0206, CVE-2015-0205, CVE-2015-0204, CVE-2014-8275, CVE-2014-3572, CVE-2014-3570 and CVE-2014-3569. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2014-3571 | Vulnerability in the Fujitsu M10-1, M10-4, M10-4S Servers component of Oracle Sun Systems Products Suite (subcomponent: OpenSSL). The supported version that is affected is XCP prior to XCP 2260. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Fujitsu M10-1, M10-4, M10-4S Servers. Note: This fix also addresses CVE-2014-3570, CVE-2014-3572, CVE-2014-8275 and CVE-2015-0204. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-0235 | Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP 1120. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-0235 | Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Glibc). Supported versions that are affected are Sun System Firmware prior to 8.7.2.b and 9.4.2e. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-0235 | Vulnerability in the Oracle Ethernet Switch ES2-72, Oracle Ethernet Switch ES2-64 component of Oracle Sun Systems Products Suite (subcomponent: Glibc). The supported version that is affected is Versions prior to 1.9.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-0235 | Vulnerability in the Fujitsu M10-1, M10-4, M10-4S Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP 2260. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2580 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-2589 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: S10 Branded Zone). Supported versions that are affected are 10 and 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2015-2609 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CPU performance counters drivers). The supported version that is affected is 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2015-2614 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NVM Express SSD driver). The supported version that is affected is 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2015-2616 | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: DevFS). Supported versions that are affected are 3.3 and 4.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2015-2631 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: rmformat Utility). Supported versions that are affected are 10 and 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2651 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.2. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 3.8 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2015-2662 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Server). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4750 | Vulnerability in the Oracle VM Server for SPARC component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). The supported version that is affected is 3.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM Server for SPARC. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4770 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: UNIX filesystem). Supported versions that are affected are 10 and 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Virtualization.
CVE Identifier | Description |
---|---|
CVE-2010-1324 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Kerberos). Supported versions that are affected are 4.63, 4.71, 5.1 and 5.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via Kerberos. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data. Note: This fix also addresses CVE-2010-1323 and CVE-2010-4020. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2014-0227 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are 4.63, 4.71 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
CVE-2014-0230 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Apache Tomcat). Supported versions that are affected are 4.63, 4.71 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2014-3571 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: OpenSSL). Supported versions that are affected are 4.63, 4.71 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. Note: This fix also addresses CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205 and CVE-2015-0206. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2014-8102 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: X Server). Supported versions that are affected are 4.63, 4.71, 5.1 and 5.2. Easily exploitable vulnerability allows successful authenticated network attacks via X11. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data as well as read access to a subset of Oracle Secure Global Desktop accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. Note: This fix also addresses CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8100 and CVE-2014-8101. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-0255 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: X Server). Supported versions that are affected are 4.63, 4.71, 5.1 and 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via X11. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS Base Score 6.4 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory] |
CVE-2015-0286 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: OpenSSL). Supported versions that are affected are 4.63, 4.71, 5.1 and 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. Note: This fix also addresses CVE-2015-0287 and CVE-2015-0289. This fix also addresses CVE-2015-0204 in SGD 4.63, 4.71 and 5.1. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-1803 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: LibXFont). Supported versions that are affected are 4.63, 4.71, 5.1 and 5.2. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. Note: This fix also addresses CVE-2015-1802 and CVE-2015-1804. CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2581 | Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: JServer). Supported versions that are affected are 5.1 and 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS Base Score 6.4 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory] |
CVE-2015-2594 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.32, 4.1.40, 4.2.32 and 4.3.30. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. Note: This issue affects Windows, Linux and Mac OS X hosts only when guests using bridged networking over Wifi. Solaris hosts don't support this mode and therefore not affected by this issue. CVSS Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4727 | Vulnerability in the Sun Ray Software component of Oracle Virtualization (subcomponent: Web Console). The supported version that is affected is Sun Ray Software prior to 5.4.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Sun Ray Software accessible data as well as read access to a subset of Sun Ray Software accessible data and ability to cause a partial denial of service (partial DOS) of Sun Ray Software. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle MySQL.
CVE Identifier | Description |
---|---|
CVE-2015-2582 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : GIS). Supported versions that are affected are 5.5.43 and earlier and 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-2611 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : DML). Supported versions that are affected are 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-2617 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2015-2620 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.43 and earlier and 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-2639 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Firewall). Supported versions that are affected are 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2015-2641 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-2643 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Optimizer). Supported versions that are affected are 5.5.43 and earlier and 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-2648 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : DML). Supported versions that are affected are 5.5.43 and earlier and 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-2661 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client). Supported versions that are affected are 5.6.24 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4737 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.5.43 and earlier and 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2015-4752 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : I_S). Supported versions that are affected are 5.5.43 and earlier and 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4756 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : InnoDB). Supported versions that are affected are 5.6.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4757 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Optimizer). Supported versions that are affected are 5.5.42 and earlier and 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4761 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Memcached). Supported versions that are affected are 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4767 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Firewall). Supported versions that are affected are 5.6.24 and earlier. Very difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4769 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Firewall). Supported versions that are affected are 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4771 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : RBR). Supported versions that are affected are 5.6.24 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2015-4772 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.24 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Berkeley DB.
CVE Identifier | Description |
---|---|
CVE-2015-2583 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2624 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2626 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2640 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2654 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-2656 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4754 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4764 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4774 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Data Store accessible data and ability to cause a partial denial of service (partial DOS) of Data Store. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
CVE-2015-4775 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4776 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4777 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4778 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4779 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Data Store accessible data and ability to cause a partial denial of service (partial DOS) of Data Store. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
CVE-2015-4780 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4781 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4782 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4783 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4784 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4785 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4786 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4787 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4788 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Data Store accessible data and ability to cause a partial denial of service (partial DOS) of Data Store. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
CVE-2015-4789 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2015-4790 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28 and 12.1.6.0.35. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory] |