Text Form of Oracle Critical Patch Update - July 2011 Risk Matrices

This document provides the text form of the CPUJul2011 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJul2011 Advisory.

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier Description
CVE-2011-0832 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.1 and 11.2.0.2. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-0835 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.1 and 11.2.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-0838 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create procedure privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.1 and 11.2.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-0880 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.1 and 11.2.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2230 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2231 Vulnerability in the XML Developer Kit component of Oracle Database Server. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via Various. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of XML Developer Kit.

Note: Patching the client is required to protect applications that make use of the XML Developer Kit. However, patching the server is sufficient to protect the database.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2232 Vulnerability in the XML Developer Kit component of Oracle Database Server. This vulnerability requires Authenticated session privileges for a successful attack. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 11.1.0.7 and 11.2.0.1. Difficult to exploit vulnerability allows successful authenticated network attacks via Various. Successful attack of this vulnerability can result in unauthorized takeover of XML Developer Kit possibly including arbitrary code execution within the XML Developer Kit.

Note: Patching the client is required to protect applications that make use of the XML Developer Kit. However, patching the server is sufficient to protect the database.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2238 Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires Execute on DBMS_SYS_SQL privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2239 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create library, Execute on package XMLSEQ_IMP_T privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1 and 11.2.0.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-2240 Vulnerability in the Oracle Universal Installer component of Oracle Database Server. This vulnerability requires Access to filesystem privileges for a successful attack. The supported version that is affected is 10.1.0.5. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to all Oracle Universal Installer accessible data.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2242 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Local account and Database account with privilege to login to XML DB FTP privileges for a successful attack. Supported versions that are affected are 11.2.0.1 and 11.2.0.2. Difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Core RDBMS accessible data.

CVSS Base Score 1.3 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:M/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2243 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session and trigger as SYSDBA privileges for a successful attack. Supported versions that are affected are 11.1.0.7.3, 11.2.0.1 and 11.2.0.2. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2253 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires SYSDBA privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1 and 11.2.0.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Secure Backup

This table provides the text form of the Risk Matrix for Oracle Secure Backup.

CVE Identifier Description
CVE-2011-2251 Vulnerability in the Oracle Secure Backup component of Oracle Secure Backup. The supported version that is affected is 10.3.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Backup accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2252 Vulnerability in the Oracle Secure Backup component of Oracle Secure Backup. The supported version that is affected is 10.3.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Secure Backup accessible data as well as read access to all Oracle Secure Backup accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Secure Backup.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2261 Vulnerability in the Oracle Secure Backup component of Oracle Secure Backup. The supported version that is affected is 10.3.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: CVSS Score is 10.0 for Windows based installation. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier Description
CVE-2010-1321 Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Security Toolkit). Supported versions that are affected are 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful authenticated network attacks via Kerberos. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-0873 Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are R27.6.9 and before: JRE/JDK 1.4.2 and 5 and 6; R28.1.3 and before: JRE/JDK 5 and 6. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Oracle released a Java Critical Patch Update in June 2011 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2011-0873 refers to the advisories that were applicable to JRockit from the Java Critical Patch Update. The CVSS score for this CVE reflects the highest among those fixed in JRockit. The complete list of all advisories addressed in JRockit under CVE-2011-0873 is as follows: CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872 and CVE-2011-0873.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-0883 Vulnerability in the Oracle Containers for J2EE component of Oracle Fusion Middleware (subcomponent: Servlet Runtime in OC4J). Supported versions that are affected are 10.1.2.3, 10.1.3.5, 10.1.4.0.1 and 10.1.4.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Containers for J2EE accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-0884 Vulnerability in the Oracle BPEL Process Manager component of Oracle Fusion Middleware (subcomponent: BPEL Console). For supported versions that are affected see note. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BPEL Process Manager.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2241 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). Supported versions that are affected are 10.1.3.4.1 and 11.1.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2264 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.2.0 and 8.3.5.0. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Outside In Technology possibly including arbitrary code execution within the Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. Its privileges are controlled by the embedding technology. Depending on the hosting software, the CVSS score can be as high as 9.3 if the hosting software runs as root and passes data received over the network to Outside In Technology code.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2267 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.2.0 and 8.3.5.0. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. Its privileges are controlled by the embedding technology. Depending on the hosting software, the CVSS score can be as high as 7.1 if the hosting software runs as root and passes data received over the network to Outside In Technology code.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier Description
CVE-2011-0811 Vulnerability in the Enterprise Config Management component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location.

CVSS Base Score 4.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:N/A:N). (legend) [Advisory]
CVE-2011-0816 Vulnerability in the CMDB Metadata & Instance APIs component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all CMDB Metadata & Instance APIs accessible data as well as read access to all CMDB Metadata & Instance APIs accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-0822 Vulnerability in the Streams, AQ & Replication Mgmt component of Oracle Enterprise Manager Grid Control (subcomponent: None). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Streams, AQ & Replication Mgmt accessible data as well as read access to a subset of Streams, AQ & Replication Mgmt accessible data and ability to cause a partial denial of service (partial DOS) of Streams, AQ & Replication Mgmt.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-0830 Vulnerability in the Event Management component of Oracle Enterprise Manager Grid Control (subcomponent: Rules Management UI). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Event Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-0831 Vulnerability in the Enterprise Config Management component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Enterprise Config Management accessible data as well as read access to all Enterprise Config Management accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-0845 Vulnerability in the Database Control component of Oracle Enterprise Manager Grid Control (subcomponent: None). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Control accessible data as well as read access to a subset of Database Control accessible data and ability to cause a partial denial of service (partial DOS) of Database Control.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-0848 Vulnerability in the Security Framework component of Oracle Enterprise Manager Grid Control (subcomponent: User Model). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Security Framework accessible data as well as read access to a subset of Security Framework accessible data and ability to cause a partial denial of service (partial DOS) of Security Framework.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-0852 Vulnerability in the Security Management component of Oracle Enterprise Manager Grid Control (subcomponent: Audit Administration). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Security Management accessible data as well as read access to a subset of Security Management accessible data and ability to cause a partial denial of service (partial DOS) of Security Management.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-0870 Vulnerability in the Schema Management component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Schema Management accessible data as well as read access to a subset of Schema Management accessible data and ability to cause a partial denial of service (partial DOS) of Schema Management.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-0875 Vulnerability in the EMCTL component of Oracle Enterprise Manager Grid Control (subcomponent: None). For supported versions that are affected see note. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all EMCTL accessible data as well as read access to all EMCTL accessible data.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-0876 Vulnerability in the Enterprise Manager Console component of Oracle Enterprise Manager Grid Control (subcomponent: Security). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Console accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-0877 Vulnerability in the Instance Management component of Oracle Enterprise Manager Grid Control (subcomponent: None). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Instance Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-0879 Vulnerability in the Instance Management component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6 and 10.2.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Instance Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-0881 Vulnerability in the EMCTL component of Oracle Enterprise Manager Grid Control (subcomponent: None). The supported version that is affected is 10.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some EMCTL accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-0882 Vulnerability in the Content Management component of Oracle Enterprise Manager Grid Control (subcomponent: Scheduler). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Content Management accessible data as well as read access to a subset of Content Management accessible data and ability to cause a partial denial of service (partial DOS) of Content Management.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2244 Vulnerability in the Security Framework component of Oracle Enterprise Manager Grid Control (subcomponent: Authentication). Supported versions that are affected are 10.1.0.6, 10.2.0.5 and 11.1.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Security Framework accessible data as well as read access to a subset of Security Framework accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2248 Vulnerability in the SQL Performance Advisories/UIs component of Oracle Enterprise Manager Grid Control (subcomponent: SQL Details UI & Explain Plan). Supported versions that are affected are 10.1.0.6, 10.2.0.5 and 11.1.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SQL Performance Advisories/UIs accessible data as well as read access to a subset of SQL Performance Advisories/UIs accessible data and ability to cause a partial denial of service (partial DOS) of SQL Performance Advisories/UIs.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2257 Vulnerability in the Database Target Type Menus component of Oracle Enterprise Manager Grid Control (subcomponent: None). Supported versions that are affected are 10.1.0.6, 10.2.0.5 and 11.1.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Target Type Menus accessible data as well as read access to a subset of Database Target Type Menus accessible data and ability to cause a partial denial of service (partial DOS) of Database Target Type Menus.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier Description
CVE-2011-2246 Vulnerability in the Business Intelligence component of Oracle E-Business Suite (subcomponent: Financials). Supported versions that are affected are 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Business Intelligence accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier Description
CVE-2011-2273 Vulnerability in the Agile Core Technology component of Oracle Supply Chain Products Suite (subcomponent: Search). Supported versions that are affected are 9.3.0.3 and 9.3.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Agile Core Technology accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle PeopleSoft Products

This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier Description
CVE-2011-2250 Vulnerability in the PeopleSoft Enterprise FIN component of Oracle PeopleSoft Products (subcomponent: Receivables). Supported versions that are affected are 9.0 Bundle #36 and 9.1 Bundle #13. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise FIN accessible data as well as read access to a subset of PeopleSoft Enterprise FIN accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2272 Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eProcurement). Supported versions that are affected are 9.0 Bundle #36 and 9.1 Bundle #13. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise FSCM accessible data as well as read access to a subset of PeopleSoft Enterprise FSCM accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2274 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: None). Supported versions that are affected are 8.49.31, 8.50.20 and 8.51.11. Difficult to exploit vulnerability allows successful authenticated network attacks via Proprietary. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2275 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: None). Supported versions that are affected are 8.49.31, 8.50.20 and 8.51.11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2277 Vulnerability in the PeopleSoft Enterprise SCM component of Oracle PeopleSoft Products (subcomponent: Purchasing). Supported versions that are affected are 9.0 Bundle #36 and 9.1 Bundle #13. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM accessible data as well as read access to a subset of PeopleSoft Enterprise SCM accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2278 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Manager). Supported versions that are affected are 8.9 Bundle #24, 9.0 Bundle #17 and 9.1 Bundle #6. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2279 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Manager). The supported version that is affected is 9.1 Bundle #6. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2280 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: None). Supported versions that are affected are 8.49.31, 8.50.20 and 8.51.11. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2281 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Global Payroll Core). The supported version that is affected is 8.9 Update 2011-D. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2282 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: None). Supported versions that are affected are 8.50.20 and 8.51.11. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2011-2283 Vulnerability in the PeopleSoft Enterprise FMS component of Oracle PeopleSoft Products (subcomponent: Payables). Supported versions that are affected are 9.0 Bundle #36 and 9.1 Bundle #13. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise FMS accessible data as well as read access to a subset of PeopleSoft Enterprise FMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2284 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: ePerformance). The supported version that is affected is 9.0 Bundle #17. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Sun Products Suite

This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.

CVE Identifier Description
CVE-2011-1511 Vulnerability in the Oracle GlassFish Server component of Oracle Sun Products Suite (subcomponent: Administration). Supported versions that are affected are 2.1.1 and 3.0.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: CVE-2011-1511: CVSS score is 10 for Windows platform. The score will be 7.5 on Linux or Solaris platform.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-2245 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: SSH). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2249 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: TCP/IP). Supported versions that are affected are 8, 9 and 10. Difficult to exploit vulnerability allows successful authenticated network attacks via TCP/IP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 5.2 (Availability impacts). CVSS V2 Vector: (AV:A/AC:M/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2258 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: rksh). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2259 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: UFS). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2260 Vulnerability in the Oracle GlassFish Server component of Oracle Sun Products Suite (subcomponent: Administration). The supported version that is affected is 2.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data as well as read access to a subset of Oracle GlassFish Server accessible data.

CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2011-2263 Vulnerability in the SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series component of Oracle Sun Products Suite (subcomponent: Sun Integrated Lights Out Manager). The supported version that is affected is SysFW 8.0.3.b or earlier for SPARC T3 based servers; see 1334601.1 for other servers. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series accessible data.

Note: CVE-2011-2263: Specific products affected are: SPARC T3-1, SPARC T3-1B, SPARC T3-3, SPARC T3-4, Netra SPARC T3-1, Sun Blade X6250, Sun Blade x6270, Sun Blade x6270 M2, Sun Blade X6275, Sun Blade X6275 M2, Sun Blade X6440 M2, Sun Blade X6450, Sun Fire X2270 M2, Sun Fire X2270, Sun Fire X4170 M2, Sun Fire X4170, Sun Fire X4270 M2, Sun Fire X4270, Sun Fire X4275, Sun Fire x4470 M2, Sun Fire x4470, Sun Fire x4540.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2285 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Installer). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-2287 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: fingerd). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2288 Vulnerability in the SPARC T3 Series, SPARC Netra T3 Series component of Oracle Sun Products Suite (subcomponent: Sun Integrated Lights Out Manager (ILOM)). The supported version that is affected is SysFW 8.1.0.a. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: CVE-2011-2288: Specific products affected are: SPARC T3-1, SPARC T3-1B, SPARC T3-2, SPARC T3-4, Netra SPARC T3-1, Netra SPARC T3-1B.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2011-2289 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: LiveUpgrade). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 3.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2011-2290 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/sockfs). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2291 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Trusted Extensions). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-2293 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Zones). The supported version that is affected is 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2294 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: SSH). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2295 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Driver/USB). Supported versions that are affected are 8, 9, 10 and 11 Express. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2296 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/SCTP). The supported version that is affected is 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-2297 Vulnerability in the Oracle Solaris Cluster component of Oracle Sun Products Suite (subcomponent: Data Service for WebLogic Server). The supported version that is affected is 3.3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Oracle Solaris Cluster accessible data and read access to a subset of Oracle Solaris Cluster accessible data.

CVSS Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:C). (legend) [Advisory]
CVE-2011-2298 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: KSSL). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-2299 Vulnerability in the SPARC Enterprise M Series component of Oracle Sun Products Suite (subcomponent: XSCF Control Package (XCP)). The supported version that is affected is XCP 1101 or earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SPARC Enterprise M Series accessible data as well as read access to a subset of SPARC Enterprise M Series accessible data and ability to cause a partial denial of service (partial DOS) of SPARC Enterprise M Series.

Note: CVE-2011-2299: Specific products affected are: SPARC Enterprise M3000, SPARC Enterprise M4000, SPARC Enterprise M5000, SPARC Enterprise M8000, SPARC Enterprise M9000.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2011-2307 Vulnerability in the SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series component of Oracle Sun Products Suite (subcomponent: Sun Integrated Lights Out Manager (ILOM)). The supported version that is affected is SysFW 8.1.0.a for SPARC T3 based servers; see 1334601.1 for other servers. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSH. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series accessible data as well as read access to a subset of SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series accessible data and ability to cause a partial denial of service (partial DOS) of SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade Server Series.

Note: CVE-2011-2307: Specific products affected are: SPARC T3-1, SPARC T3-1B, SPARC T3-2, SPARC T3-4, Netra SPARC T3-1, Netra SPARC T3-1B, Sun Fire X4170 M2, Sun Fire X4270 M2, Sun Blade x6270 M2, Sun Fire x4470, Sun Fire x4470 M2.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]