Text Form of Oracle Critical Patch Update - October 2011 Risk Matrices

This document provides the text form of the CPUOct2011 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUOct2011 Advisory.

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier Description
CVE-2011-2301 Vulnerability in the Oracle Text component of Oracle Database Server. This vulnerability requires Execute on CTXSYS.DRVDISP privileges for a successful attack. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4 and 11.1.0.7. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS Base Score is 8.5 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.0, and the impacts for Confidentiality, Integrity and Availability are Partial+.

CVSS Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C).
CVE-2011-2322 Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires SYSDBA privileges for a successful attack. The supported version that is affected is 11.1.0.7. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data and ability to cause a partial denial of service (partial DOS) of Database Vault.

CVSS Base Score 3.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:P).
CVE-2011-3511 Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires Privileged Account privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data and ability to cause a partial denial of service (partial DOS) of Database Vault.

CVSS Base Score 3.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:P).
CVE-2011-3512 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create procedure, create table privileges for a successful attack. Supported versions that are affected are 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7 and 11.2.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Core RDBMS accessible data as well as read access to all Core RDBMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2011-3525 Vulnerability in the Application Express component of Oracle Database Server. This vulnerability requires APEX developer user privileges for a successful attack. Supported versions that are affected are 3.2 and 4.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Application Express possibly including arbitrary code execution within the Application Express.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier Description
CVE-2011-2237 Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: WSM Console). Supported versions that are affected are 10.1.3.5.0 and 10.1.3.5.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Web Services Manager accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).
CVE-2011-2255 Vulnerability in the Oracle WebLogic Portal component of Oracle Fusion Middleware. Supported versions that are affected are 9.2.3.0, 10.0.1.0, 10.2.1.0 and 10.3.2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Portal accessible data as well as read access to a subset of Oracle WebLogic Portal accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Portal.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2011-2314 Vulnerability in the Oracle Containers for J2EE component of Oracle Fusion Middleware (subcomponent: JavaServer Pages). The supported version that is affected is 10.1.2.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Containers for J2EE accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-2318 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0 and 10.3.5.0. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS Base Score 1.5 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N).
CVE-2011-2319 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JMS). Supported versions that are affected are 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0 and 10.3.5.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).
CVE-2011-2320 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0 and 10.3.5.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).
CVE-2011-3192 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware. Supported versions that are affected are 10.1.2.3 (Companion CD), 10.1.3.5 (Companion CD), 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server.

Note: Fixes for CVE-2011-3192 were distributed earlier in a Security Alert in September of this year. See Alert for CVE-2011-3192 for more information.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2011-3510 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 11.1.1.3.0 and 11.1.1.5.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as read access to all Oracle Business Intelligence Enterprise Edition accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N).
CVE-2011-3523 Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware (subcomponent: WSM Console). Supported versions that are affected are 10.1.3.5.0 and 10.1.3.5.1. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Web Services Manager accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).
CVE-2011-3541 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.5 and 8.3.7. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. Its privileges are controlled by the embedding technology. Depending on the hosting software, the CVSS score can be as high as 7.1 if the hosting software runs as root and passes data received over the network to Outside In Technology code.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P).

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier Description
CVE-2011-2302 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Single Sign On). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-2303 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).
CVE-2011-2308 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Online Help). Supported versions that are affected are 12.0.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-3513 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: HTML Pages). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-3519 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: REST Services). Supported versions that are affected are 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N).

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier Description
CVE-2011-3532 Vulnerability in the Oracle Agile Product Supplier Collaboration for Process component of Oracle Supply Chain Products Suite (subcomponent: Supplier Portal). Supported versions that are affected are 5.2.2, 6.0.0.2, 6.0.0.3 and 6.0.0.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Supplier Collaboration for Process accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Text Form of Risk Matrix for Oracle PeopleSoft Products

This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier Description
CVE-2011-2315 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.49, 8.50 and 8.51. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data as well as read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2011-3520 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Personalization). Supported versions that are affected are 8.49, 8.50 and 8.51. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 2.8 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:P/A:N).
CVE-2011-3527 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2011-3528 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: eProfile). The supported version that is affected is 8.9. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2011-3529 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Manager). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2011-3530 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: eDevelopment). The supported version that is affected is 8.9. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2011-3533 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Job Profile Manager (JPM)). The supported version that is affected is 8.9. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as read access to a subset of PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

Text Form of Risk Matrix for Oracle Siebel CRM

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.

CVE Identifier Description
CVE-2011-2316 Vulnerability in the Siebel Apps - Marketing component of Oracle Siebel CRM (subcomponent: Email Marketing). The supported version that is affected is 8.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel Apps - Marketing accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-3518 Vulnerability in the Siebel Core - UIF Client component of Oracle Siebel CRM (subcomponent: User Interface). The supported version that is affected is 8.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel Core - UIF Client accessible data as well as read access to a subset of Siebel Core - UIF Client accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).
CVE-2011-3526 Vulnerability in the Siebel Core - UIF Server component of Oracle Siebel CRM (subcomponent: User Interface). Supported versions that are affected are 8.0.0 and 8.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel Core - UIF Server accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

Text Form of Risk Matrix for Oracle Industry Applications

This table provides the text form of the Risk Matrix for Oracle Industry Applications.

CVE Identifier Description
CVE-2011-2309 Vulnerability in the Health Sciences - Oracle Clinical, Remote Data Capture component of Oracle Industry Applications (subcomponent: RDC Help). Supported versions that are affected are 4.6 and 4.6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Health Sciences - Oracle Clinical, Remote Data Capture accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-2323 Vulnerability in the Health Sciences - Oracle Thesaurus Management System component of Oracle Industry Applications (subcomponent: TMS Help). Supported versions that are affected are 4.6.1 and 4.6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Health Sciences - Oracle Thesaurus Management System accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Text Form of Risk Matrix for Oracle Sun Products Suite

This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.

CVE Identifier Description
CVE-2011-2286 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ZFS). Supported versions that are affected are 10 and 11 Express. Very difficult to exploit vulnerability allows successful authenticated network attacks via NFS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P).
CVE-2011-2292 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: xscreensaver). Supported versions that are affected are 9 and 11 Express. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data.

CVSS Base Score 2.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N).
CVE-2011-2304 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Network Services Library (libnsl(3LIB))). The supported version that is affected is 10. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).
CVE-2011-2310 Vulnerability in the Oracle Waveset component of Oracle Sun Products Suite (subcomponent: User Administration). Supported versions that are affected are 8.1.0 and 8.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Waveset accessible data as well as read access to a subset of Oracle Waveset accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Waveset.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2011-2311 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ZFS). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:P).
CVE-2011-2312 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ZFS). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N).
CVE-2011-2313 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: ZFS). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:M/C:N/I:N/A:C).
CVE-2011-2327 Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Delegated Administrator). The supported version that is affected is 7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Unified accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).
CVE-2011-3506 Vulnerability in the Oracle OpenSSO component of Oracle Sun Products Suite (subcomponent: Authentication). Supported versions that are affected are 7.1 and 8.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle OpenSSO accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2011-3507 Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite (subcomponent: Messaging Server). The supported version that is affected is 7.0. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Unified accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N).
CVE-2011-3508 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: LDAP library). Supported versions that are affected are 8, 9, 10 and 11 Express. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).
CVE-2011-3515 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Process File System (procfs)). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data.

CVSS Base Score 5.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:C).
CVE-2011-3517 Vulnerability in the Oracle OpenSSO component of Oracle Sun Products Suite (subcomponent: Authentication). The supported version that is affected is 8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).
CVE-2011-3522 Vulnerability in the SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade component of Oracle Sun Products Suite (subcomponent: Integrated Lights Out Manager CLI). The supported version that is affected is SysFW 8.0 for SPARC T3 based servers; see 1364156.1 for other servers. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of SPARC T3, Netra SPARC T3, Sun Fire, Sun Blade accessible data.

Note: CVE-2011-3522: Specific products affected are: SPARC T3-1, SPARC T3-1B, SPARC T3-4, Netra SPARC T3-1, Netra SPARC T3-1B, Sun Blade x6270, Sun Blade x6270 M2, Sun Blade X6275, Sun Blade X6275 M2, Sun Blade X6440 M2, Sun Blade X6450, Sun Fire X2270 M2, Sun Fire X2270, Sun Fire X4170 M2, Sun Fire X4170, Sun Fire X4270 M2, Sun Fire X4270, Sun Fire x4470 M2, Sun Fire x4470.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).
CVE-2011-3534 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Network Status Monitor (statd(1M))). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via RPC. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2011-3535 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Remote Quota Server (rquotad(1M))). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via RPC. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2011-3536 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: DTrace Software Library (libdtrace(3LIB))). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-3537 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/Filesystem). Supported versions that are affected are 8, 9, 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-3539 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Zones). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2011-3542 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/Performance Counter BackEnd Module (pcbe)). Supported versions that are affected are 10 and 11 Express. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-3543 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: iSCSI DataMover (IDM)). The supported version that is affected is 11 Express. Easily exploitable vulnerability allows successful unauthenticated network attacks via iSCSI. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2011-3559 Vulnerability in the Oracle GlassFish Server component of Oracle Sun Products Suite (subcomponent: Web Container). Supported versions that are affected are Sailfin CS 2.0, 2.1.1, 3.0.1, 3.1.1, 8.1 and 8.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Linux

This table provides the text form of the Risk Matrix for Oracle Linux.

CVE Identifier Description
CVE-2011-2306 Vulnerability in the Oracle Linux component of Oracle Linux (subcomponent: Oracle validated). Supported versions that are affected are 4 and 5. Easily exploitable vulnerability allows successful authenticated network attacks via None. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Linux accessible data as well as read access to a subset of Oracle Linux accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier Description
CVE-2011-3538 Vulnerability in the Sun Ray component of Oracle Virtualization (subcomponent: Authentication). The supported version that is affected is 4.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Sun Ray accessible data as well as read access to a subset of Sun Ray accessible data and ability to cause a partial denial of service (partial DOS) of Sun Ray.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]