No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions

Text Form of Oracle Critical Patch Update - October 2012 Risk Matrices

This document provides the text form of the CPUOct2012 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUOct2012 Advisory

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier Description
CVE-2012-1751 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create flashback archive privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2012-3132 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create table privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2012-3137 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS Base Score is 10.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial+.


For information, refer to Patching for CVE-2012-3137, My Oracle Support Note 1493990.1

In some configurations, client-side updates for Database, Enterprise Manager Grid Control, WebLogic Server and Fusion Middleware are recommended. For information on what patches need to be applied to your environments, refer to Critical Patch Update October 2012 Patch Availability Document for Oracle Products, My Oracle Support Note 1477727.1 


CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2012-3146 Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create session, create any directory privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle NET. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data.

CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3151 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Core RDBMS accessible data and ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS.

Note: The vulnerability affects Unix and Linux platforms only.

CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier Description
CVE-2011-1411 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WebLogic Security). Supported versions that are affected are 9.2.4.0, 10.0.2.0, 10.3.5.0, 10.3.6.0 and 12.1.1.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data.

CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-0071 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Imaging and Process Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0086 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Imaging and Process Management accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-0090 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Imaging and Process Management accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0092 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Imaging and Process Management accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0093 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Imaging and Process Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-0095 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Imaging and Process Management accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-0106 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Imaging and Process Management accessible data as well as read access to all Oracle Imaging and Process Management accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-0107 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Imaging and Process Management.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-0108 Vulnerability in the Oracle Imaging and Process Management component of Oracle Fusion Middleware (subcomponent: Web). The supported version that is affected is 10.1.3.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Imaging and Process Management accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-0518 Vulnerability in the Oracle Application Server Single Sign-On component of Oracle Fusion Middleware (subcomponent: Cookies/Tokens, Redirects). The supported version that is affected is 10.1.4.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Server Single Sign-On accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-1686 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Installation). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Business Intelligence Enterprise Edition accessible data.

Note: Fixed in all supported releases and patchsets.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3152 Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Report Server Component). Supported versions that are affected are 11.1.1.4, 11.1.1.6 and 11.1.2.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Reports Developer accessible data as well as read access to all Oracle Reports Developer accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-3153 Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Servlet). Supported versions that are affected are 11.1.1.4, 11.1.1.6 and 11.1.2.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Reports Developer accessible data as well as read access to a subset of Oracle Reports Developer accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-3175 Vulnerability in the Oracle Application Server Single Sign-On component of Oracle Fusion Middleware (subcomponent: Cookies/Tokens, Redirects). The supported version that is affected is 10.1.4.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Server Single Sign-On accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3183 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-3184 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3185 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-3186 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-3193 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 10.3.4.2, 11.1.1.5.0,11.1.1.6.0 and 11.1.1.6.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3194 Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0 and 11.1.1.6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3202 Vulnerability in the Oracle JRockit component of Oracle Fusion Middleware. Supported versions that are affected are 28.2.4 and before: JDK/JRE 5 and 6 and 27.7.3 and before: JKD/JRE 5. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Oracle released a Java SE Critical Patch Update on October 16, 2012 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2012-3202 refers to the advisories that are applicable to JRockit from the Java SE Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all vulnerabilities addressed in JRockit under CVE-2012-3202 is as follows: CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and CVE-2012-5085.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2012-3214 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.3.7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3217 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In HTML Export SDK). The supported version that is affected is 8.3.7.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-5065 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: ImagePicker). Supported versions that are affected are 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2 and 11.1.1.6.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data.

CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier Description
CVE-2012-3138 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Web interface). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iStore accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3139 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Signon (local and SSO)). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3148 Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP upload). The supported version that is affected is 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Field Service accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3162 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: MDS loading). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle Applications Framework accessible data.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3164 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Publish Item). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Marketing accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3171 Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Autoconfig Templates). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3196 Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: PDF generation). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Human Resources accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Human Resources.

CVSS Base Score 6.4 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory]
CVE-2012-3222 Vulnerability in the Oracle iRecruitment component of Oracle E-Business Suite (subcomponent: Signon (local only)). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle iRecruitment.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-5058 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Web interface). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iStore accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier Description
CVE-2012-3140 Vulnerability in the Oracle Agile PLM For Process component of Oracle Supply Chain Products Suite (subcomponent: Supply Chain Relationship Mgmt). Supported versions that are affected are 6.0.0.6.3 and 6.1.0.1.14. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Agile PLM For Process accessible data as well as read access to a subset of Oracle Agile PLM For Process accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-3154 Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: ATTACH). The supported version that is affected is 9.3.1.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM Framework accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3161 Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: Web Client (CS)). The supported version that is affected is 9.3.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM Framework accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3200 Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: ROLESPRV). The supported version that is affected is 9.3.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM Framework accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-5090 Vulnerability in the Oracle Agile PLM for Process component of Oracle Supply Chain Products Suite (subcomponent: Document Reference Library). Supported versions that are affected are 5.2.2 and 6.1.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM for Process accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-5091 Vulnerability in the Oracle Agile Product Supplier Collaboration for Process component of Oracle Supply Chain Products Suite (subcomponent: Supplier Portal). Supported versions that are affected are 5.2.2 and 6.1.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Supplier Collaboration for Process accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-5092 Vulnerability in the Oracle Agile PLM for Process component of Oracle Supply Chain Products Suite (subcomponent: Supply Chain Relationship Mgmt). Supported versions that are affected are 5.2.2 and 6.1.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM for Process accessible data as well as read access to a subset of Oracle Agile PLM for Process accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-5093 Vulnerability in the Oracle Agile PLM for Process component of Oracle Supply Chain Products Suite (subcomponent: Global Spec Management). Supported versions that are affected are 5.2.2 and 6.1.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM for Process accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-5094 Vulnerability in the Oracle Agile PLM for Process component of Oracle Supply Chain Products Suite (subcomponent: User Group Management). Supported versions that are affected are 5.2.2 and 6.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM for Process accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle PeopleSoft Products

This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier Description
CVE-2012-3176 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Panel Processor). The supported version that is affected is 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3179 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tree Manager). Supported versions that are affected are 8.50, 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3181 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.50, 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3182 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). The supported version that is affected is 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3188 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.50 and 8.51. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3191 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Data Mover). Supported versions that are affected are 8.50, 8.51 and 8.52. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3195 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.50, 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3198 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3201 Vulnerability in the PeopleSoft Enterprise Campus Solutions component of Oracle PeopleSoft Products (subcomponent: Self-Service (Student Records)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise Campus Solutions accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Siebel CRM

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.

CVE Identifier Description
CVE-2012-3229 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Siebel Documentation). The supported version that is affected is 8.1.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3230 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Portal Framework). The supported version that is affected is 8.1.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Industry Applications

This table provides the text form of the Risk Matrix for Oracle Industry Applications.

CVE Identifier Description
CVE-2012-1763 Vulnerability in the Oracle Clinical/Remote Data Capture component of Oracle Industry Applications (subcomponent: HTML Surround). Supported versions that are affected are 4.6.0 and 4.6.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Clinical/Remote Data Capture accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-5066 Vulnerability in the Oracle Central Designer component of Oracle Industry Applications. Supported versions that are affected are 1.3, 1.4 and 1.4.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Central Designer accessible data as well as read access to all Oracle Central Designer accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Central Designer.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Financial Services Software

This table provides the text form of the Risk Matrix for Oracle Financial Services Software.

CVE Identifier Description
CVE-2012-3141 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0 and 11.0.0 - 11.2.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3142 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.0.5, 5.1.0, 5.2.0 and 5.3.0 - 5.3.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3145 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 - 5.3.4 and 6.2.0. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data.

CVSS Base Score 1.5 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3157 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 - 5.3.4, 6.0.1, 6.2.0 and 12. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3223 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 - 5.3.4 and 6.0.1. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3224 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.1.0, 5.2.0 and 5.3.0 - 5.3.4. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3225 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.3.0 - 5.3.4. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Direct Banking accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-3226 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0 and 11.0.0 - 11.2.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data as well as read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-3227 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0 and 11.0.0 - 11.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3228 Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 - 5.3.4, 6.0.1 and 6.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Direct Banking accessible data and ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Direct Banking.

CVSS Base Score 4.9 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:P). (legend) [Advisory]
CVE-2012-5061 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 - 11.4.0 and 12.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-5063 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 - 11.4.0 and 12.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle FLEXCUBE Universal Banking accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-5064 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Software (subcomponent: BASE). Supported versions that are affected are 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0 and 11.0.0 - 11.2.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Sun Products Suite

This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.

CVE Identifier Description
CVE-2012-0217 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: CVE-2012-0217 only affects Solaris instances running on platforms other than SPARC.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2012-3155 Vulnerability in the Oracle GlassFish Server, Sun GlassFish Enterprise Server, Sun Java System Application Server component of Oracle Sun Products Suite (subcomponent: CORBA ORB). Supported versions that are affected are Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1, Oracle GlassFish Server 3.1.2, Sun Java System Application Server 8.1 and Sun Java System Application Server 8.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GlassFish Server, Sun GlassFish Enterprise Server, Sun Java System Application Server.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3165 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: mailx(1)). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2012-3187 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2012-3189 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: COMSTAR). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP(iSCSI). Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2012-3199 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Gnome Trusted Extension). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2012-3203 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Gnome Display Manager(GDM)). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3204 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Power Management). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2012-3205 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Vino server). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data.

CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3206 Vulnerability in the SPARC T3, Netra SPARC T3, SPARC T4, Netra SPARC T4 component of Oracle Sun Products Suite (subcomponent: Integrated Lights Out Manager CLI). Supported versions that are affected are SysFW 8.2.0.a for SPARC T3 and T4 based servers; see 1475188.1 for other servers. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of SPARC T3, Netra SPARC T3, SPARC T4, Netra SPARC T4 accessible data.

Note: Specific products affected by CVE-2012-3206 are: SPARC T3-1, SPARC T3-2, SPARC T3-4, SPARC T3-1B, Netra SPARC T3-1, Netra SPARC T3-1B, SPARC T4-1, SPARC T4-2, SPARC T4-4, SPARC T4-1B, Netra SPARC T4-1, Netra SPARC T4-2, Netra SPARC T4-2B.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3207 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2012-3208 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/RCTL). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2012-3209 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Logical Domain(LDOM)). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data.

Note: CVE-2012-3209 and CVE-2012-3215 only affects Solaris on the SPARC platform.

CVSS Base Score 5.6 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:C). (legend) [Advisory]
CVE-2012-3210 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2012-3211 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/System Call). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.6 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2012-3212 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

Note: CVE-2012-3212 affects only Solaris on SPARC T4 servers.

CVSS Base Score 4.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2012-3215 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris accessible data.

Note: CVE-2012-3209 and CVE-2012-3215 only affects Solaris on the SPARC platform.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-5095 Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: inetd(1M)). The supported version that is affected is 10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier Description
CVE-2012-1685 Vulnerability in the Secure Global Desktop component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is 4.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Secure Global Desktop accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2012-3221 Vulnerability in the Oracle VM Virtual Box component of Oracle Virtualization (subcomponent: VirtualBox Core). Supported versions that are affected are 3.2, 4.0 and 4.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM Virtual Box.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]

Text Form of Risk Matrix for Oracle MySQL

This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE Identifier Description
CVE-2012-3144 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.5.26 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3147 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MySQL Client). Supported versions that are affected are 5.5.26 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data and ability to cause a partial denial of service (partial DOS) of MySQL Server.

CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2012-3149 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MySQL Client). Supported versions that are affected are 5.5.26 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3150 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.64 and earlier and 5.5.26 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3156 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.5.25 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3158 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Protocol). Supported versions that are affected are 5.1.64 and earlier and 5.5.26 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2012-3160 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Installation). Supported versions that are affected are 5.1.65 and earlier and 5.5.27 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2012-3163 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.64 and earlier and 5.5.26 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2012-3166 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.63 and earlier and 5.5.25 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3167 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Full Text Search). Supported versions that are affected are 5.1.63 and earlier and 5.5.25 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3173 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB Plugin). Supported versions that are affected are 5.1.63 and earlier and 5.5.25 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3177 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.65 and earlier and 5.5.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2012-3180 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.65 and earlier and 5.5.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2012-3197 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.64 and earlier and 5.5.26 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]