Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices

This document provides the text form of the CPUJul2016 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJul2016 Advisory.

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier Description
CVE-2015-0204

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all RDBMS accessible data.

CVSS v3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). (legend) [Advisory]

CVE-2016-3448

Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]

CVE-2016-3467

Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. While the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Application Express.

CVSS v3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L). (legend) [Advisory]

CVE-2016-3479

Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Portable Clusterware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Portable Clusterware.

CVSS v3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]

CVE-2016-3484

Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with logon to the infrastructure where Database Vault executes to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Vault accessible data as well as unauthorized read access to a subset of Database Vault accessible data.

CVSS v3.0 Base Score 3.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]

CVE-2016-3488

Vulnerability in the DB Sharding component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows high privileged attacker having Execute on gsmadmin_internal privilege with logon to the infrastructure where DB Sharding executes to compromise DB Sharding. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all DB Sharding accessible data.

CVSS v3.0 Base Score 4.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N). (legend) [Advisory]

CVE-2016-3489

Vulnerability in the Data Pump Import component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows high privileged attacker having Index on SYS.INCVID privilege with logon to the infrastructure where Data Pump Import executes to compromise Data Pump Import. Successful attacks of this vulnerability can result in takeover of Data Pump Import.

CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3506

Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise JDBC. Successful attacks of this vulnerability can result in takeover of JDBC.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3609

Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM.

Note: The score 9.0 is for Windows platform. On Linux platform the score is 8.0.

CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier Description
CVE-2015-3237

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server.

CVSS v3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). (legend) [Advisory]

CVE-2015-7182

Vulnerability in the Oracle Directory Server Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Admin Server). Supported versions that are affected are 7.0 and 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Directory Server Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Directory Server Enterprise Edition.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-1181

Vulnerability in the Oracle Portal component of Oracle Fusion Middleware (subcomponent: User and Group Security). The supported version that is affected is 11.1.1.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Portal. Successful attacks of this vulnerability can result in takeover of Oracle Portal.

Note: Please refer to My Oracle Support Note 2155256.1 for instructions on how to address this issue.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-1548

Vulnerability in the Oracle Exalogic Infrastructure component of Oracle Fusion Middleware (subcomponent: Base Image). Supported versions that are affected are 1.x and 2.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Exalogic Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Exalogic Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Exalogic Infrastructure.

CVSS v3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). (legend) [Advisory]

CVE-2016-2107

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.x and 11.1.1.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]

CVE-2016-2107

Vulnerability in the Oracle Exalogic Infrastructure component of Oracle Fusion Middleware (subcomponent: Base Image). Supported versions that are affected are 1.x and 2.x. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Exalogic Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Exalogic Infrastructure accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]

CVE-2016-3432

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]

CVE-2016-3433

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Administration). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]

CVE-2016-3445

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]

CVE-2016-3446

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Administration). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2016-3474

Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data.

CVSS v3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2016-3482

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: SSL/TLS Module). Supported versions that are affected are 11.1.1.9 and 12.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data.

CVSS v3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2016-3487

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: WebCenter Sites). Supported versions that are affected are 11.1.1.8 and 12.2.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3499

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 12.1.3.0 and 12.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3502

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: WebCenter Sites). Supported versions that are affected are 11.1.1.8 and 12.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites.

CVSS v3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2016-3504

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3510

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3544

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 11.2.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data.

CVSS v3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3564

Vulnerability in the Oracle TopLink component of Oracle Fusion Middleware (subcomponent: JPA-RS). Supported versions that are affected are 12.1.3.0, 12.2.1.0 and 12.2.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle TopLink. Successful attacks of this vulnerability can result in takeover of Oracle TopLink.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3574

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3575

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3576

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3577

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3578

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3579

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3580

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3581

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3582

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3583

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3586

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3590

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3591

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3592

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3593

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3594

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3595

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3596

Vulnerability in the Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3607

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3608

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data.

CVSS v3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-5477

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 2.1.1 and 3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data.

CVSS v3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Hyperion

This table provides the text form of the Risk Matrix for Oracle Hyperion.

CVE Identifier Description
CVE-2016-3493

Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Financial Reporting. Successful attacks of this vulnerability can result in takeover of Hyperion Financial Reporting.

CVSS v3.0 Base Score 9.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier Description
CVE-2015-0228

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Update Provisioning). Supported versions that are affected are 12.1.4, 12.2.2 and 12.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Ops Center.

CVSS v3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). (legend) [Advisory]

CVE-2015-3197

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are 12.1.4, 12.2.2 and 12.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Ops Center accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2015-3237

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are 12.1.4, 12.2.2 and 12.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Ops Center accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Ops Center.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2015-7501

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Enterprise Controller Install). Supported versions that are affected are 12.1.4, 12.2.2 and 12.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center.

CVSS v3.0 Base Score 8.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). (legend) [Advisory]

CVE-2016-0635

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Enterprise Controller Install). Supported versions that are affected are 12.1.4, 12.2.2 and 12.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center.

CVSS v3.0 Base Score 8.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). (legend) [Advisory]

CVE-2016-2107

Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0.5 and 13.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]

CVE-2016-3494

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: OS Provisioning). Supported versions that are affected are 12.1.4, 12.2.2 and 12.3.2. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Enterprise Manager Ops Center executes to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center.

CVSS v3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]

CVE-2016-3496

Vulnerability in the Enterprise Manager for Fusion Middleware component of Oracle Enterprise Manager Grid Control (subcomponent: SOA Topology Viewer). Supported versions that are affected are 11.1.1.7 and 11.1.1.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager for Fusion Middleware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager for Fusion Middleware accessible data.

CVSS v3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]

CVE-2016-3433

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Administration). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]

CVE-2016-3540

Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 12.1.0.5 and 13.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Base Platform accessible data.

CVSS v3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]

CVE-2016-3563

Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Security Framework). The supported version that is affected is 12.1.0.5. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Enterprise Manager Base Platform executes to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data.

CVSS v3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier Description
CVE-2016-3491

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Wireless Framework). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3491

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Function Security). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3520

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: AOL Diagnostic tests). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data.

CVSS v3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2016-3522

Vulnerability in the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite (subcomponent: Application Service). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2016-3523

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: SSL/TLS Module). Supported versions that are affected are 11.1.1.9 and 12.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data.

CVSS v3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2016-3524

Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Configuration). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology Stack. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology Stack accessible data as well as unauthorized read access to a subset of Oracle Applications Technology Stack accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3525

Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Cookie Management). The supported version that is affected is 12.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3528

Vulnerability in the Oracle Internet Expenses component of Oracle E-Business Suite (subcomponent: Expenses Admin Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Internet Expenses. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Internet Expenses.

CVSS v3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2016-3532

Vulnerability in the Oracle Advanced Inbound Telephony component of Oracle E-Business Suite (subcomponent: SDK client integration). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Inbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Inbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Inbound Telephony accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3533

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Search). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data.

CVSS v3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3534

Vulnerability in the Oracle Installed Base component of Oracle E-Business Suite (subcomponent: Engineering Change Order). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data.

CVSS v3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3535

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Remote Launch). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3536

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Deliverables). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3541

Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Notes). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Common Applications Calendar accessible data as well as unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data.

CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3542

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Search, Browse). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Knowledge Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3543

Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Tasks). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Common Applications Calendar accessible data as well as unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data.

CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3545

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Web based help screens). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3546

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Web based help screens). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data.

CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3547

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Content Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3548

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing activity collateral). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Marketing accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3549

Vulnerability in the Oracle E-Business Suite Secure Enterprise Search component of Oracle E-Business Suite (subcomponent: Search Integration Engine). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite Secure Enterprise Search. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle E-Business Suite Secure Enterprise Search accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3558

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Email Center Agent Console). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data.

CVSS v3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3559

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Email Center Agent Console). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data.

CVSS v3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier Description
CVE-2015-7501

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Web Container). Supported versions that are affected are 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0 and 6.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in takeover of Oracle Transportation Management.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-2107

Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Install). Supported versions that are affected are 6.1.3.0 and 6.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Engineering Data Management accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3468

Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Install). Supported versions that are affected are 6.1.3.0 and 6.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in takeover of Oracle Agile Engineering Data Management.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2016-3470

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Install). The supported version that is affected is 6.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Transportation Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data.

CVSS v3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2016-3490

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Database). Supported versions that are affected are 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0 and 6.4.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Transportation Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data.

CVSS v3.0 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2016-3507

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: WebClient / Admin). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3509

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: File Folders / URL Attachment). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3517

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PC / Get Shortcut). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2016-3519

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PC / Get Shortcut). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3527

Vulnerability in the Oracle Demand Planning component of Oracle Supply Chain Products Suite (subcomponent: ODPDA Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demand Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demand Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Demand Planning accessible data.

CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3529

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: SDK). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. While the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3530

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PGC / Import). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM.

CVSS v3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3531

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PC / Notification). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 3.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3537

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: File Folders / Attachment). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3538

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: File Folders / Attachment). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM.

CVSS v3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3539

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: File Folders / Attachment). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM.

CVSS v3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3553

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PC Core). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3554

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PC / BOM, MCAD, Design). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3555

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PGC / Excel Plugin). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3556

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: EM Integration). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3557

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: File Load). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3560

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: SDK). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3561

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: SDK). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-5473

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: File Folders / Attachment). Supported versions that are affected are 9.3.4 and 9.3.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle PeopleSoft Products

This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier Description
CVE-2016-2107

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.53, 8.54 and 8.55. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3478

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: File Processing). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3483

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: File Processing). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools.

CVSS v3.0 Base Score 7.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2016-5465

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Panel Processor). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2016-5467

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eProcurement). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FSCM accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2016-5470

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Designer). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-5472

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Install and Packaging). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.

CVSS v3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle JD Edwards Products

This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.

CVE Identifier Description
CVE-2015-3197

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). The supported version that is affected is 9.2.0.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Siebel CRM

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.

CVE Identifier Description
CVE-2016-3450

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server Framework accessible data.

CVSS v3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3469

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel Core - Server Framework executes to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server Framework accessible data.

CVSS v3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3472

Vulnerability in the Siebel Engineering - Installer and Deployment component of Oracle Siebel CRM (subcomponent: Web Server). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Engineering - Installer and Deployment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Engineering - Installer and Deployment accessible data.

CVSS v3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2016-3475

Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: Information Manager Console). The supported version that is affected is 8.5.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Knowledge accessible data.

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2016-3476

Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: Information Manager Console). The supported version that is affected is 8.5.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge accessible data as well as unauthorized read access to a subset of Oracle Knowledge accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2016-5450

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data.

CVSS v3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-5451

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel UI Framework accessible data as well as unauthorized access to critical data or complete access to all Siebel UI Framework accessible data.

CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-5456

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Server Framework accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2016-5459

Vulnerability in the Siebel Core - Common Components component of Oracle Siebel CRM (subcomponent: iHelp). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Common Components. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel Core - Common Components, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Core - Common Components accessible data.

CVSS v3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-5460

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server Framework accessible data.

CVSS v3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-5461

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Object Manager). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Server Framework accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-5462

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Workspaces). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server Framework accessible data.

CVSS v3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-5463

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: SWSE Server). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data.

CVSS v3.0 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-5464

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: SWSE Server). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data.

CVSS v3.0 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-5466

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Core - Server Framework accessible data.

CVSS v3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-5468

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). Supported versions that are affected are 8.1.1, 8.2.2, IP2014, IP2015 and IP2016. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Communications Applications

This table provides the text form of the Risk Matrix for Oracle Communications Applications.

CVE Identifier Description
CVE-2014-3571

Vulnerability in the Oracle Communications Core Session Manager component of Oracle Communications Applications (subcomponent: Routing). Supported versions that are affected are 7.2.5 and 7.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Core Session Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Core Session Manager.

CVSS v3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2014-9708

Vulnerability in the Oracle Enterprise Communications Broker component of Oracle Communications Applications (subcomponent: GUI). The supported version that is affected is Prior to PCz 2.0.0m4p1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2015-0235

Vulnerability in the Oracle Communications EAGLE Application Processor component of Oracle Communications Applications (subcomponent: Other). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE Application Processor. Successful attacks of this vulnerability can result in takeover of Oracle Communications EAGLE Application Processor.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2015-2808

Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is Prior to 9.9.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Policy Management accessible data.

CVSS v3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2015-3197

Vulnerability in the Oracle Communications Network Charging and Control component of Oracle Communications Applications (subcomponent: DAP, OSD, PI). Supported versions that are affected are 5.0.2.0.0, 5.0.1.0.0, 5.0.0.2.0, 5.0.0.1.0 and 4.4.1.5.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS/SSL to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Network Charging and Control accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

CVE-2015-5300

Vulnerability in the Oracle Communications Session Border Controller component of Oracle Communications Applications (subcomponent: System). Supported versions that are affected are 7.2.0 and 7.3.0. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Communications Session Border Controller executes to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Session Border Controller.

CVSS v3.0 Base Score 3.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2015-7182

Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Security). Supported versions that are affected are Prior to 7.0.5.37.0 and 8.0.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Messaging Server.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2015-7501

Vulnerability in the Oracle Communications ASAP component of Oracle Communications Applications (subcomponent: Service request translator). Supported versions that are affected are 7.0, 7.2 and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via T3 to compromise Oracle Communications ASAP. Successful attacks of this vulnerability can result in takeover of Oracle Communications ASAP.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). (legend) [Advisory]

CVE-2016-0702

Vulnerability in the Oracle Communications Session Border Controller component of Oracle Communications Applications (subcomponent: Encryption). Supported versions that are affected are 7.2.0 and 7.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data as well as unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data.

CVSS v3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-2107

Vulnerability in the Oracle Communications Unified Session Manager component of Oracle Communications Applications (subcomponent: Routing). Supported versions that are affected are 7.2.5 and 7.3.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Unified Session Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Session Manager accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3513

Vulnerability in the Oracle Communications Operations Monitor component of Oracle Communications Applications (subcomponent: Infrastructure). The supported version that is affected is Prior to 3.3.92.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Operations Monitor accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

CVE-2016-3514

Vulnerability in the Oracle Enterprise Communications Broker component of Oracle Communications Applications (subcomponent: GUI). The supported version that is affected is Prior to PCz 2.0.0m4p1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Communications Broker accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-3515

Vulnerability in the Oracle Enterprise Communications Broker component of Oracle Communications Applications (subcomponent: Crash, network, system, admin). The supported version that is affected is Prior to PCz 2.0.0m4p1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Communications Broker accessible data.

CVSS v3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-3516

Vulnerability in the Oracle Enterprise Communications Broker component of Oracle Communications Applications (subcomponent: GUI). The supported version that is affected is Prior to PCz 2.0.0m4p1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data.

CVSS v3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-5455

Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Multiplexor). Supported versions that are affected are 6.3, 7.0 and 8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Messaging Server accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

CVE-2016-5458

Vulnerability in the Oracle Communications EAGLE Application Processor component of Oracle Communications Applications (subcomponent: APPL). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications EAGLE Application Processor. While the vulnerability is in Oracle Communications EAGLE Application Processor, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications EAGLE Application Processor accessible data as well as unauthorized read access to a subset of Oracle Communications EAGLE Application Processor accessible data.

CVSS v3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Financial Services Applications

This table provides the text form of the Risk Matrix for Oracle Financial Services Applications.

CVE Identifier Description
CVE-2014-0224

Vulnerability in the Oracle Financial Services Lending and Leasing component of Oracle Financial Services Applications (subcomponent: Admin and setup). Supported versions that are affected are 14.1 and 14.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Lending and Leasing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Lending and Leasing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Lending and Leasing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Lending and Leasing.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]

CVE-2015-7501

Vulnerability in the Oracle Banking Platform component of Oracle Financial Services Applications (subcomponent: Rules collections). Supported versions that are affected are 2.3.0, 2.4.0 and 2.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in takeover of Oracle Banking Platform.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-1181

Vulnerability in the Oracle Banking Platform component of Oracle Financial Services Applications (subcomponent: OPS). Supported versions that are affected are 2.3.0, 2.4.0, 2.4.1 and 2.5.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Platform accessible data.

CVSS v3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). (legend) [Advisory]

CVE-2016-3589

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Base). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Health Sciences Applications

This table provides the text form of the Risk Matrix for Oracle Health Sciences Applications.

CVE Identifier Description
CVE-2015-3253

Vulnerability in the Oracle Health Sciences Clinical Development Center component of Oracle Health Sciences Applications (subcomponent: Installation and configuration). Supported versions that are affected are 3.1.1.x and 3.1.2.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences Clinical Development Center. Successful attacks of this vulnerability can result in takeover of Oracle Health Sciences Clinical Development Center.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2015-7501

Vulnerability in the Oracle Healthcare Analytics Data Integration component of Oracle Health Sciences Applications (subcomponent: Self Service Analytics). The supported version that is affected is 3.1.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Analytics Data Integration. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Analytics Data Integration.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2015-7501

Vulnerability in the Oracle Health Sciences Clinical Development Center component of Oracle Health Sciences Applications (subcomponent: Installation and configuration). Supported versions that are affected are 3.1.1.x and 3.1.2.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences Clinical Development Center. Successful attacks of this vulnerability can result in takeover of Oracle Health Sciences Clinical Development Center.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-0635

Vulnerability in the Oracle Healthcare Master Person Index component of Oracle Health Sciences Applications (subcomponent: Internal operations). Supported versions that are affected are 2.0.12, 3.0.0 and 4.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Master Person Index.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-0635

Vulnerability in the Oracle Health Sciences Information Manager component of Oracle Health Sciences Applications (subcomponent: Health Policy Monitor). Supported versions that are affected are 1.2.8.3, 2.0.2.3 and 3.0.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via TLS, UDP to compromise Oracle Health Sciences Information Manager. Successful attacks of this vulnerability can result in takeover of Oracle Health Sciences Information Manager.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Insurance Applications

This table provides the text form of the Risk Matrix for Oracle Insurance Applications.

CVE Identifier Description
CVE-2015-7501

Vulnerability in the Oracle Insurance Policy Administration J2EE component of Oracle Insurance Applications (subcomponent: Architecture). Supported versions that are affected are 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0 and 10.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration J2EE.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2015-7501

Vulnerability in the Oracle Insurance Rules Palette component of Oracle Insurance Applications (subcomponent: Architecture). Supported versions that are affected are 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0 and 10.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Rules Palette. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Rules Palette.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2015-7501

Vulnerability in the Oracle Documaker component of Oracle Insurance Applications (subcomponent: Development tools). The supported version that is affected is Prior to 12.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2015-7501

Vulnerability in the Oracle Insurance Calculation Engine component of Oracle Insurance Applications (subcomponent: Architecture). Supported versions that are affected are 9.7.1, 10.1.2 and 10.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Calculation Engine. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Calculation Engine.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

CVE-2016-0635

Vulnerability in the Oracle Insurance Policy Administration J2EE component of Oracle Insurance Applications (subcomponent: Architecture). Supported versions that are affected are 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0 and 10.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration J2EE.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-0635 Vulnerability in the Oracle Insurance Rules Palette component of Oracle Insurance Applications (subcomponent: Architecture). Supported versions that are affected are 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0 and 10.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Rules Palette. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Rules Palette.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-0635 Vulnerability in the Oracle Documaker component of Oracle Insurance Applications (subcomponent: Development tools). Supported versions that are affected are those prior to 12.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-0635 Vulnerability in the Oracle Insurance Calculation Engine component of Oracle Insurance Applications (subcomponent: Architecture). Supported versions that are affected are 9.7.1, 10.1.2 and 10.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Calculation Engine. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Calculation Engine.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Retail Applications

This table provides the text form of the Risk Matrix for Oracle Retail Applications.

CVE Identifier Description
CVE-2015-3253 Vulnerability in the Oracle Retail Store Inventory Management component of Oracle Retail Applications (subcomponent: SIMINT). Supported versions that are affected are 13.2, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Store Inventory Management.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-3253 Vulnerability in the Oracle Retail Service Backbone component of Oracle Retail Applications (subcomponent: Install). Supported versions that are affected are 13.0, 13.1, 13.2, 14.0, 14.1 and 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Backbone.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-3253 Vulnerability in the Oracle Retail Order Broker component of Oracle Retail Applications (subcomponent: System Administration). Supported versions that are affected are 4.1, 5.1, 5.2 and 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Order Broker.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Retail Store Inventory Management component of Oracle Retail Applications (subcomponent: SIMINT). Supported versions that are affected are 12.0, 13.0, 13.1, 13.2, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Store Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Retail Store Inventory Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Store Inventory Management.

CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Retail Central, Back Office, Returns Management component of Oracle Retail Applications (subcomponent: Install). Supported versions that are affected are 12.0, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Central, Back Office, Returns Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Central, Back Office, Returns Management.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Retail Service Backbone component of Oracle Retail Applications (subcomponent: Install). The supported version that is affected is 15.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Backbone.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the MICROS Retail XBRi Loss Prevention component of Oracle Retail Applications (subcomponent: Retail). Supported versions that are affected are 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0 and 10.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail XBRi Loss Prevention. Successful attacks of this vulnerability can result in takeover of MICROS Retail XBRi Loss Prevention.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-0635 Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: Install). The supported version that is affected is 15.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in takeover of Oracle Retail Integration Bus.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-0635 Vulnerability in the Oracle Retail Order Broker component of Oracle Retail Applications (subcomponent: Order Broker Foundation). Supported versions that are affected are 5.1, 5.2 and 15.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Order Broker.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3081 Vulnerability in the MICROS Retail XBRi Loss Prevention component of Oracle Retail Applications (subcomponent: Retail). Supported versions that are affected are 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0 and 10.8.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail XBRi Loss Prevention. Successful attacks of this vulnerability can result in takeover of MICROS Retail XBRi Loss Prevention.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3444 Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: Install). Supported versions that are affected are 13.0, 13.1, 13.2, 14.0, 14.1 and 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in takeover of Oracle Retail Integration Bus.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3565 Vulnerability in the Oracle Retail Order Broker component of Oracle Retail Applications (subcomponent: System Administration). Supported versions that are affected are 5.1 and 5.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Order Broker accessible data as well as unauthorized read access to a subset of Oracle Retail Order Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Order Broker.

CVSS v3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L). (legend) [Advisory]
CVE-2016-3611 Vulnerability in the Oracle Retail Order Broker component of Oracle Retail Applications (subcomponent: System Administration). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Order Broker accessible data as well as unauthorized read access to a subset of Oracle Retail Order Broker accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5474 Vulnerability in the Oracle Retail Service Backbone component of Oracle Retail Applications (subcomponent: RSB Kernel). Supported versions that are affected are 14.0, 14.1 and 15.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Backbone.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5475 Vulnerability in the Oracle Retail Service Backbone component of Oracle Retail Applications (subcomponent: Install). Supported versions that are affected are 14.0, 14.1 and 15.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Service Backbone accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Service Backbone accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Service Backbone.

CVSS v3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]
CVE-2016-5476 Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: Install). Supported versions that are affected are 13.0, 13.1, 13.2, 14.0, 14.1 and 15.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Integration Bus accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Integration Bus accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Integration Bus.

CVSS v3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Utilities Applications

This table provides the text form of the Risk Matrix for Oracle Utilities Applications.

CVE Identifier Description
CVE-2015-7501 Vulnerability in the Oracle Utilities Network Management System component of Oracle Utilities Applications (subcomponent: System wide). Supported versions that are affected are 1.10.0.6.27, 1.11.0.4.41, 1.11.0.5.4, 1.12.0.1.16, 1.12.0.2.12 and 1.12.0.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Network Management System.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Utilities Work and Asset Management component of Oracle Utilities Applications (subcomponent: Integrations). The supported version that is affected is 1.9.1.2.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Work and Asset Management. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Work and Asset Management.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Utilities Framework component of Oracle Utilities Applications (subcomponent: System wide). Supported versions that are affected are 2.2.0.0.0, 4.1.0.1.0, 4.1.0.2.0, 4.2.0.1.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 and 4.3.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Framework.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Policy Automation

This table provides the text form of the Risk Matrix for Oracle Policy Automation.

CVE Identifier Description
CVE-2015-7501 Vulnerability in the Oracle Policy Automation component of Oracle Policy Automation (subcomponent: Determinations Engine). Supported versions that are affected are 10.3.0, 10.3.1, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 12.1.0 and 12.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Policy Automation. Successful attacks of this vulnerability can result in takeover of Oracle Policy Automation.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Policy Automation for Mobile Devices component of Oracle Policy Automation (subcomponent: Mobile Application). The supported version that is affected is 12.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Policy Automation for Mobile Devices. Successful attacks of this vulnerability can result in takeover of Oracle Policy Automation for Mobile Devices.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Policy Automation Connector for Siebel component of Oracle Policy Automation (subcomponent: Determinations Server). Supported versions that are affected are 10.3.0, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5 and 10.4.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Policy Automation Connector for Siebel. Successful attacks of this vulnerability can result in takeover of Oracle Policy Automation Connector for Siebel.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle In-Memory Policy Analytics component of Oracle Policy Automation (subcomponent: Analysis Server). The supported version that is affected is 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle In-Memory Policy Analytics. Successful attacks of this vulnerability can result in takeover of Oracle In-Memory Policy Analytics.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Primavera Products Suite

This table provides the text form of the Risk Matrix for Oracle Primavera Products Suite.

CVE Identifier Description
CVE-2012-3137 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web access). Supported versions that are affected are 8.2, 8.3 and 8.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management.

CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2015-1791 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Project manager). Supported versions that are affected are 8.3, 8.4 and 15.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management.

CVSS v3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]
CVE-2015-3197 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Project manager). Supported versions that are affected are 8.3, 8.4, 15.1 and 15.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Primavera Contract Management component of Oracle Primavera Products Suite (subcomponent: PCM application). The supported version that is affected is 14.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Contract Management. Successful attacks of this vulnerability can result in takeover of Primavera Contract Management.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-0635 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-0635 Vulnerability in the Primavera Contract Management component of Oracle Primavera Products Suite (subcomponent: PCM web services). The supported version that is affected is 14.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Contract Management. Successful attacks of this vulnerability can result in takeover of Primavera Contract Management.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3566 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-3567 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-3568 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-3569 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-3570 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-3571 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-3572 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data.

CVSS v3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-3573 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Java SE

This table provides the text form of the Risk Matrix for Oracle Java SE.

CVE Identifier Description
CVE-2016-3458 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: CORBA). Supported versions that are affected are Java SE: 6u115, 7u101 and 8u92; Java SE Embedded: 8u91. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2016-3485 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u115, 7u101 and 8u92; Java SE Embedded: 8u91; JRockit: R28.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS v3.0 Base Score 2.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2016-3498 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u101 and 8u92. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2016-3500 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u115, 7u101 and 8u92; Java SE Embedded: 8u91; JRockit: R28.3.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2016-3503 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 6u115, 7u101 and 8u92. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.

Note: Applies to installation process on client deployment of Java.

CVSS v3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3508 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u115, 7u101 and 8u92; Java SE Embedded: 8u91; JRockit: R28.3.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2016-3511 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u101 and 8u92. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3550 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u115, 7u101 and 8u92; Java SE Embedded: 8u91. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-3552 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). The supported version that is affected is Java SE: 8u92. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.

Note: Applies to installation process on client deployment of Java.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3587 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u92; Java SE Embedded: 8u91. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3598 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 8u92; Java SE Embedded: 8u91. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3606 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u101 and 8u92; Java SE Embedded: 8u91. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3610 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 8u92; Java SE Embedded: 8u91. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Sun Systems Products Suite

This table provides the text form of the Risk Matrix for Oracle Sun Systems Products Suite.

CVE Identifier Description
CVE-2012-3410 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: Restricted Shell). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise ILOM. Successful attacks of this vulnerability can result in takeover of ILOM.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2013-2566 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP2280. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Fujitsu M10-1, M10-4, M10-4S Servers. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Fujitsu M10-1, M10-4, M10-4S Servers accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2014-3566 Vulnerability in the Sun Network QDR InfiniBand Gateway Switch component of Oracle Sun Systems Products Suite (subcomponent: Firmware). Supported versions that are affected are versions prior to 2.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Sun Network QDR InfiniBand Gateway Switch. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun Network QDR InfiniBand Gateway Switch accessible data.

CVSS v3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2014-3566 Vulnerability in the Sun Data Center InfiniBand Switch 36 component of Oracle Sun Systems Products Suite (subcomponent: Firmware). Supported versions that are affected are versions prior to 2.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Sun Data Center InfiniBand Switch 36. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun Data Center InfiniBand Switch 36 accessible data.

CVSS v3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2015-0235 Vulnerability in the Sun Network QDR InfiniBand Gateway Switch component of Oracle Sun Systems Products Suite (subcomponent: Firmware). Supported versions that are affected are versions prior to 2.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun Network QDR InfiniBand Gateway Switch. Successful attacks of this vulnerability can result in takeover of Sun Network QDR InfiniBand Gateway Switch.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-0235 Vulnerability in the Sun Data Center InfiniBand Switch 36 component of Oracle Sun Systems Products Suite (subcomponent: Firmware). Supported versions that are affected are versions prior to 2.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun Data Center InfiniBand Switch 36. Successful attacks of this vulnerability can result in takeover of Sun Data Center InfiniBand Switch 36.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-1793 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: OpenSSL). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise ILOM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of ILOM accessible data as well as unauthorized read access to a subset of ILOM accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2015-2808 Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP1121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2015-3183 Vulnerability in the SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP1121. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers accessible data.

CVSS v3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). (legend) [Advisory]
CVE-2015-3197 Vulnerability in the 40G 10G 72/64 Ethernet Switch component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is 2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise 40G 10G 72/64 Ethernet Switch. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all 40G 10G 72/64 Ethernet Switch accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2015-5600 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: SSH). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise ILOM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of ILOM and unauthorized read access to a subset of ILOM accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). (legend) [Advisory]
CVE-2015-8104 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-0800 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S Servers component of Oracle Sun Systems Products Suite (subcomponent: XCP Firmware). The supported version that is affected is XCP prior to XCP2320. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Fujitsu M10-1, M10-4, M10-4S Servers. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Fujitsu M10-1, M10-4, M10-4S Servers accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-3451 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: Web). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ILOM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in ILOM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of ILOM accessible data.

CVSS v3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). (legend) [Advisory]
CVE-2016-3453 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.

CVSS v3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3480 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for PostgreSQL). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris Cluster accessible data.

CVSS v3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-3481 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: Web). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise ILOM. While the vulnerability is in ILOM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of ILOM.

CVSS v3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3497 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.

CVSS v3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3584 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Libadimalloc). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris.

CVSS v3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3585 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: Emulex). Supported versions that are affected are 3.0, 3.1 and 3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise ILOM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all ILOM accessible data as well as unauthorized access to critical data or complete access to all ILOM accessible data.

CVSS v3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory]
CVE-2016-5445 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: Authentication). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise ILOM. While the vulnerability is in ILOM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of ILOM accessible data as well as unauthorized read access to a subset of ILOM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of ILOM.

CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-5446 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: Infrastructure). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise ILOM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of ILOM accessible data as well as unauthorized read access to a subset of ILOM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of ILOM.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-5447 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: Backup-Restore). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise ILOM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all ILOM accessible data as well as unauthorized update, insert or delete access to some of ILOM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of ILOM.

CVSS v3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]
CVE-2016-5448 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: SNMP). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SNMP to compromise ILOM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of ILOM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of ILOM.

CVSS v3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). (legend) [Advisory]
CVE-2016-5449 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: Console Redirection). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ILOM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of ILOM.

CVSS v3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5452 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data.

CVSS v3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5453 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: IPMI). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via IPMI to compromise ILOM. Successful attacks of this vulnerability can result in takeover of ILOM.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5454 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris as well as unauthorized update, insert or delete access to some of Solaris accessible data.

CVSS v3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H). (legend) [Advisory]
CVE-2016-5457 Vulnerability in the ILOM component of Oracle Sun Systems Products Suite (subcomponent: LUMAIN). Supported versions that are affected are 3.0, 3.1 and 3.2. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise ILOM. Successful attacks of this vulnerability can result in takeover of ILOM.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5469 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.

CVSS v3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5471 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.

CVSS v3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier Description
CVE-2013-2064 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: X Server). Supported versions that are affected are 4.71 and 5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via X11 to compromise Oracle Secure Global Desktop. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Secure Global Desktop accessible data as well as unauthorized read access to a subset of Oracle Secure Global Desktop accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-3597 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is VirtualBox prior to 5.0.26. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.

CVSS v3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3612 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is VirtualBox prior to 5.0.22. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-3613 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: OpenSSL). Supported versions that are affected are 4.63, 4.71 and 5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Oracle Secure Global Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle MySQL

This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE Identifier Description
CVE-2016-2105 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.30 and earlier and 5.7.12 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3424 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.12 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3440 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3452 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.48 and earlier, 5.6.29 and earlier and 5.7.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS v3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-3459 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.30 and earlier and 5.7.12 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3471 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Option). Supported versions that are affected are 5.5.45 and earlier and 5.6.26 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVSS v3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3477 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.49 and earlier, 5.6.30 and earlier and 5.7.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3486 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.30 and earlier and 5.7.12 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3501 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.30 and earlier and 5.7.12 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3518 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.12 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3521 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Types). Supported versions that are affected are 5.5.49 and earlier, 5.6.30 and earlier and 5.7.12 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3588 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.12 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

CVSS v3.0 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H). (legend) [Advisory]
CVE-2016-3614 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.30 and earlier and 5.7.12 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3615 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.49 and earlier, 5.6.30 and earlier and 5.7.12 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5436 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.12 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5437 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Log). Supported versions that are affected are 5.7.12 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5439 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Privileges). Supported versions that are affected are 5.6.30 and earlier and 5.7.12 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5440 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.5.49 and earlier, 5.6.30 and earlier and 5.7.12 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5441 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.12 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5442 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.12 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5443 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5444 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.5.48 and earlier, 5.6.29 and earlier and 5.7.11 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS v3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]