Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices

This document provides the text form of the CPUJul2013 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJul2013 Advisory

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier Description
CVE-2013-3751 Vulnerability in the XML Parser component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2013-3760 Vulnerability in the Oracle executable component of Oracle Database Server. Supported versions that are affected are 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2013-3771 Vulnerability in the Oracle executable component of Oracle Database Server. Supported versions that are affected are 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2013-3774 Vulnerability in the Network Layer component of Oracle Database Server. Supported versions that are affected are 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2013-3789 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create Session, Create Procedure privileges for a successful attack. Supported versions that are affected are 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2013-3790 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Privileged Account privileges for a successful attack. Supported versions that are affected are 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data.

CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier Description
CVE-2005-3352 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 10.1.3.5.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2006-5752 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 10.1.3.5.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2007-3847 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2007-5000 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 10.1.3.5.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2007-6388 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 10.1.3.5.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2008-2364 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2010-0425 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 10.1.3.5.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle HTTP Server accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2010-0434 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 10.1.3.5.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2010-2068 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Proxy Plug-In). For supported versions that are affected see note. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2011-0419 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-3348 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-2687 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle HTTP Server accessible data.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-2461 Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are R27.7.5 and earlier and R28.2.7 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle JRockit accessible data as well as read access to a subset of Oracle JRockit accessible data and ability to cause a partial denial of service (partial DOS) of Oracle JRockit.

Note: Oracle released a Java SE Critical Patch Update on June 18, 2013 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2013-2461 refers to the advisories that are applicable to JRockit from the Java SE Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all vulnerabilities addressed in JRockit under CVE-2013-2461 is as follows: CVE-2013-2461, CVE-2013-2407, CVE-2013-2457, CVE-2013-1571, CVE-2013-2451.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2013-3755 Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: SSO Engine). The supported version that is affected is 11.1.1.5.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3763 Vulnerability in the Oracle Endeca Server component of Oracle Fusion Middleware (subcomponent: Software). Supported versions that are affected are 7.4.0 and 7.5.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Server accessible data as well as read access to a subset of Oracle Endeca Server accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2013-3764 Vulnerability in the Oracle Endeca Server component of Oracle Fusion Middleware (subcomponent: Software). Supported versions that are affected are 7.4.0 and 7.5.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Server accessible data as well as read access to a subset of Oracle Endeca Server accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2013-3769 Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Site Studio). Supported versions that are affected are 10.1.3.5.1, 11.1.1.6.0 and 11.1.1.7.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Content accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3770 Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 10.1.3.5.1, 11.1.1.6.0 and 11.1.1.7.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Content accessible data as well as read access to a subset of Oracle WebCenter Content accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2013-3772 Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Web Forms). Supported versions that are affected are 10.1.3.5.1, 11.1.1.6.0 and 11.1.1.7.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Content accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3776 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.7, 8.4.0 and 8.4.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.

CVSS Base Score 1.5 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3781 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.7, 8.4.0 and 8.4.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.

CVSS Base Score 1.5 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Hyperion

This table provides the text form of the Risk Matrix for Oracle Hyperion.

CVE Identifier Description
CVE-2013-3803 Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Intelligence Service). Supported versions that are affected are 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier and 11.1.2.2.305 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier Description
CVE-2013-3758 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Schema Management). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 EM Plugin for DB: 12.1.0.2 and 12.1.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3791 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: User Interface Framework). The supported version that is affected is EM Base Platform: 10.2.0.5 EM DB Control: 11.1.0.7. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier Description
CVE-2013-3747 Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Client System Analyzer). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2013-3749 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2013-3756 Vulnerability in the Oracle Landed Cost Management component of Oracle E-Business Suite (subcomponent: Shipment Workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Landed Cost Management accessible data as well as read access to all Oracle Landed Cost Management accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2013-3767 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Oracle Access Gate). The supported version that is affected is Access Gate 1.2.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3777 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Signon). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3778 Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Help). Supported versions that are affected are 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Technology Stack accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3788 Vulnerability in the Oracle iSupplier Portal component of Oracle E-Business Suite (subcomponent: Supplier Management). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iSupplier Portal accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier Description
CVE-2013-3822 Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: Web Client (CS)). The supported version that is affected is 9.3.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM Framework accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3823 Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: Security). The supported version that is affected is 9.3.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM Framework accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2013-3824 Vulnerability in the Oracle Agile Collaboration Framework component of Oracle Supply Chain Products Suite (subcomponent: Manufacturing/Mfg Parts). The supported version that is affected is 9.3.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile Collaboration Framework accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3825 Vulnerability in the Oracle Agile Product Collaboration component of Oracle Supply Chain Products Suite (subcomponent: Folders & Files Attachment). The supported version that is affected is 9.3.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Collaboration accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle PeopleSoft Products

This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier Description
CVE-2013-3759 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3761 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are Portal 9.1 and PeopleTools 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3768 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.51, 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3780 Vulnerability in the PeopleSoft Enterprise Portal component of Oracle PeopleSoft Products (subcomponent: Saved Search). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise Portal accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2013-3784 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Time and Labor). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2013-3800 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Business Interlinks). Supported versions that are affected are 8.51, 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data as well as read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2013-3818 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.51, 8.52 and 8.53. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3819 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Applications). Supported versions that are affected are 8.51, 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools.

CVSS Base Score 6.4 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory]
CVE-2013-3820 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Business Interlink). Supported versions that are affected are 8.51, 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3821 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.51, 8.52 and 8.53. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools.

CVSS Base Score 6.4 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle iLearning

This table provides the text form of the Risk Matrix for Oracle iLearning.

CVE Identifier Description
CVE-2013-3775 Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Pages). Supported versions that are affected are 5.2.1 and 6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iLearning accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Industry Applications

This table provides the text form of the Risk Matrix for Oracle Industry Applications.

CVE Identifier Description
CVE-2013-3816 Vulnerability in the Oracle Policy Automation component of Oracle Industry Applications (subcomponent: Determinations Engine). Supported versions that are affected are 10.2.0, 10.3.0, 10.3.1, 10.4.0, 10.4.1 and 10.4.2. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Policy Automation accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle and Sun Systems Products Suite

This table provides the text form of the Risk Matrix for Oracle and Sun Systems Products Suite.

CVE Identifier Description
CVE-2013-0398 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Utility/Remote Execution Server(in.rexecd)). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2013-3745 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Libraries/Libc). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3746 Vulnerability in the Solaris Cluster component of Oracle and Sun Systems Products Suite (subcomponent: Zone Cluster Infrastructure). Supported versions that are affected are 3.2, 3.3 and 4 prior to 4.1 SRU 3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2013-3748 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Driver/IDM (iSCSI Data Mover)). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via iSCSI/iSER. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2013-3750 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel/VM). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: CVE-2013-3750 occurs only when Solaris is running on X86 platform.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2013-3752 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Service Management Facility (SMF)). The supported version that is affected is 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via NDMP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3753 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel/STREAMS framework). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2013-3754 Vulnerability in the Solaris Cluster component of Oracle and Sun Systems Products Suite (subcomponent: HA for TimesTen). The supported version that is affected is 3.3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2013-3757 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: SMF/File Locking Services). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via NFS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2013-3765 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel/VM). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2013-3773 Vulnerability in the SPARC Enterprise M Series Servers component of Oracle and Sun Systems Products Suite (subcomponent: XSCF Control Package (XCP)). Supported versions that are affected are XCP 1114 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of SPARC Enterprise M Series Servers.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3786 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 9, 10 and 11. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2013-3787 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SCTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3797 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Filesystem/DevFS). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2013-3799 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

Note: CVE-2013-3799 occurs only when Solaris is running on AMD64 platform.

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2013-3813 Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Libraries/PAM-Unix). The supported version that is affected is 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via NFSv2. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data.

CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier Description
CVE-2013-3779 Vulnerability in the Secure Global Desktop component of Oracle Virtualization (subcomponent: Web UI). Supported versions that are affected are All 4.6 releases including 4.63 and 4.7 prior to 4.71. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Secure Global Desktop accessible data as well as read access to a subset of Secure Global Desktop accessible data and ability to cause a partial denial of service (partial DOS) of Secure Global Desktop.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2013-3782 Vulnerability in the Secure Global Desktop component of Oracle Virtualization (subcomponent: Web UI). Supported versions that are affected are 4.6 prior to 4.63 and 4.7 prior to 4.71. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Secure Global Desktop accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle MySQL

This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE Identifier Description
CVE-2013-1861 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS). Supported versions that are affected are 5.1.69 and earlier, 5.5.31 and earlier and 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2013-3783 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.31 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3793 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Data Manipulation Language). Supported versions that are affected are 5.5.31 and earlier and 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3794 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.30 and earlier and 5.6.10. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3795 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Data Manipulation Language). Supported versions that are affected are 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3796 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3798 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MemCached). Supported versions that are affected are 5.6.11 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as update, insert or delete access to some MySQL Server accessible data.

CVSS Base Score 5.8 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2013-3801 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Options). Supported versions that are affected are 5.5.30 and earlier and 5.6.10. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3802 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Full Text Search). Supported versions that are affected are 5.1.69 and earlier, 5.5.31 and earlier and 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3804 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.69 and earlier, 5.5.31 and earlier and 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3805 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Prepared Statements). Supported versions that are affected are 5.5.30 and earlier and 5.6.10. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3806 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3807 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.6.11 and earlier. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data as well as read access to a subset of MySQL Server accessible data.

CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2013-3808 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Options). Supported versions that are affected are 5.1.68 and earlier, 5.5.30 and earlier and 5.6.10. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3809 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.5.31 and earlier and 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2013-3810 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: XA Transactions). Supported versions that are affected are 5.6.11 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3811 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.11 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2013-3812 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.5.31 and earlier and 5.6.11 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]