Text Form of Oracle Security Alert - CVE-2014-0160 Risk Matrix

This document provides the text form of the CVE-2014-0160 Advisory Risk Matrix. Please note that the CVE number in this document correspond to the same CVE number in the CVE-2014-0160 Advisory.

This page contains the text format of the following Risk Matrix:

Text Form of Risk Matrix for Third Party Components

This table provides the text form of the Risk Matrix for Third Party Components.

CVE Identifier Description
CVE-2014-0160 Heartbleed Vulnerability in the OpenSSL Third Party library (subcomponent: Heartbeat Extension) as it relates to Oracle products. Supported versions that are affected are 1.0.1 - 1.0.1f. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized read access to a subset of OpenSSL Library accessible data.

Note: This vulnerability affects a number of Oracle products that include the affected OpenSSL libraries. See OpenSSL Security Bug - Heartbleed CVE-2014-0160 for the list of affected products and current patch availability information.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]