Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices



This document provides the text form of the CPUOct2016 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUOct2016 Advisory.

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier Description
CVE-2010-5312 Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.0.4.00.07. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-3562 Vulnerability in the RDBMS Security and SQL*Plus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows high privileged attacker having DBA level privileged account privilege with network access via Oracle Net to compromise RDBMS Security and SQL*Plus. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security and SQL*Plus accessible data.

Note: Fix applicable to both server and client side installations.

CVSS v3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5497 Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Create Session privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in takeover of RDBMS Security.

CVSS v3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5498 Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data.

CVSS v3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5499 Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data.

CVSS v3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5505 Vulnerability in the RDBMS Programmable Interface component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with logon to the infrastructure where RDBMS Programmable Interface executes to compromise RDBMS Programmable Interface. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Programmable Interface accessible data.

CVSS v3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5516 Vulnerability in the Kernel PDB component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_PDB_EXEC_SQL privilege with logon to the infrastructure where Kernel PDB executes to compromise Kernel PDB. While the vulnerability is in Kernel PDB, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Kernel PDB.

CVSS v3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5555 Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM.

CVSS v3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5572 Vulnerability in the Kernel PDB component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Create Session privilege with logon to the infrastructure where Kernel PDB executes to compromise Kernel PDB. Successful attacks of this vulnerability can result in takeover of Kernel PDB.

CVSS v3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Secure Backup

This table provides the text form of the Risk Matrix for Oracle Secure Backup.

CVE Identifier Description
CVE-2015-0286 Vulnerability in the Oracle Secure Backup component of Oracle Secure Backup. The supported version that is affected is Prior to 10.4.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Secure Backup. While the vulnerability is in Oracle Secure Backup, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Backup.

CVSS v3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L). (legend) [Advisory]
CVE-2015-1351 Vulnerability in the Oracle Secure Backup component of Oracle Secure Backup. The supported version that is affected is Prior to 12.1.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Backup. While the vulnerability is in Oracle Secure Backup, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Backup.

CVSS v3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Big Data Graph

This table provides the text form of the Risk Matrix for Oracle Big Data Graph.

CVE Identifier Description
CVE-2015-7501 Vulnerability in the Big Data Graph component of Oracle Big Data Graph (subcomponent: Apache Commons Collections). The supported version that is affected is Prior to 1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Big Data Graph. Successful attacks of this vulnerability can result in takeover of Big Data Graph.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier Description
CVE-2015-3253 Vulnerability in the Oracle Big Data Discovery component of Oracle Fusion Middleware (subcomponent: Data Processing). Supported versions that are affected are 1.1.1, 1.1.3 and 1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Big Data Discovery. Successful attacks of this vulnerability can result in takeover of Oracle Big Data Discovery.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: None). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-1950 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-1950 Vulnerability in the Oracle iPlanet Web Proxy Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iPlanet Web Proxy Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle iPlanet Web Proxy Server.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-1950 Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iPlanet Web Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle iPlanet Web Server.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-2107 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Installation). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.1.0.0 and 12.2.1.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-3473 Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data.

CVSS v3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-3505 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JavaServer Faces). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3551 Vulnerability in the Oracle Web Services component of Oracle Fusion Middleware (subcomponent: JAXWS Web Services Stack). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services. Successful attacks of this vulnerability can result in takeover of Oracle Web Services.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5488 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2016-5495 Vulnerability in the Oracle Discoverer component of Oracle Fusion Middleware (subcomponent: EUL Code & Schema). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Discoverer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Discoverer accessible data.

CVSS v3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5500 Vulnerability in the Oracle Discoverer component of Oracle Fusion Middleware (subcomponent: Viewer). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Discoverer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Discoverer accessible data.

CVSS v3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5506 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: App Server). For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Identity Manager executes to compromise Oracle Identity Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data as well as unauthorized read access to a subset of Oracle Identity Manager accessible data.

Note: Fixed in all supported releases and patchsets.

CVSS v3.0 Base Score 3.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5511 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data.

Note: Please refer to My Oracle Support Note 2188873.1 for instructions on how to address this issue.

CVSS v3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2016-5519 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5531 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS-WebServices). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5535 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: None). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5536 Vulnerability in the Oracle Platform Security for Java component of Oracle Fusion Middleware (subcomponent: Audit Schema). Supported versions that are affected are 12.1.3.0.0, 12.2.1.0.0 and 12.2.1.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Platform Security for Java. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Platform Security for Java accessible data as well as unauthorized update, insert or delete access to some of Oracle Platform Security for Java accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Platform Security for Java.

CVSS v3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]
CVE-2016-5537 Vulnerability in the NetBeans component of Oracle Fusion Middleware (subcomponent: Project Import). The supported version that is affected is 8.1. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where NetBeans executes to compromise NetBeans. While the vulnerability is in NetBeans, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of NetBeans accessible data as well as unauthorized read access to a subset of NetBeans accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of NetBeans.

CVSS v3.0 Base Score 5.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-5558 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.4.0, 8.5.1, 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]
CVE-2016-5574 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.4.0, 8.5.1, 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]
CVE-2016-5577 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.4.0, 8.5.1, 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]
CVE-2016-5578 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.4.0, 8.5.1, 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]
CVE-2016-5579 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.4.0, 8.5.1, 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]
CVE-2016-5588 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.4.0, 8.5.1, 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]
CVE-2016-5601 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: CIE Related Components). Supported versions that are affected are 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS v3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N). (legend) [Advisory]
CVE-2016-5602 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Code Generation Engine). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0 and 12.2.1.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data.

Note: Please refer to My Oracle Support Note 2188855.1 for instructions on how to address this issue.

CVSS v3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5618 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: Code Generation Engine). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0 and 12.2.1.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Data Integrator accessible data.

Note: Please refer to My Oracle Support Note 2188871.1 for instructions on how to address this issue.

CVSS v3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-8281 Vulnerability in the Oracle Platform Security for Java component of Oracle Fusion Middleware (subcomponent: Audit Reports). Supported versions that are affected are 12.1.3.0.0, 12.2.1.0.0 and 12.2.1.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Platform Security for Java. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Platform Security for Java accessible data as well as unauthorized update, insert or delete access to some of Oracle Platform Security for Java accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Platform Security for Java.

CVSS v3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier Description
CVE-2015-7940 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.1, 12.5.0.2 and 12.5.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data.

CVSS v3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2015-7940 Vulnerability in the Enterprise Manager component of Oracle Enterprise Manager Grid Control (subcomponent: Ops Center). Supported versions that are affected are 12.1.4 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager accessible data.

CVSS v3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-2107 Vulnerability in the Enterprise Manager component of Oracle Enterprise Manager Grid Control (subcomponent: Ops Center). Supported versions that are affected are 12.1.4, 12.2.2 and 12.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager and unauthorized read access to a subset of Enterprise Manager accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). (legend) [Advisory]
CVE-2016-4979 Vulnerability in the Enterprise Manager component of Oracle Enterprise Manager Grid Control (subcomponent: Ops Center). Supported versions that are affected are 12.1.4, 12.2.2 and 12.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager accessible data.

CVSS v3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). (legend) [Advisory]
CVE-2016-5604 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Security Framework). The supported version that is affected is 12.1.0.5. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Enterprise Manager Base Platform executes to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data.

CVSS v3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier Description
CVE-2016-2176 Vulnerability in the Oracle HTTP Server component of Oracle E-Business Suite (subcomponent: OpenSSL). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server and unauthorized read access to a subset of Oracle HTTP Server accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). (legend) [Advisory]
CVE-2016-5489 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Runtime Catalog). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]
CVE-2016-5517 Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data.

CVSS v3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5532 Vulnerability in the Oracle Shipping Execution component of Oracle E-Business Suite (subcomponent: Workflow Events). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Shipping Execution. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Shipping Execution accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5557 Vulnerability in the Oracle Advanced Pricing component of Oracle E-Business Suite (subcomponent: Price Book). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Pricing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Pricing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Pricing accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Pricing accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]
CVE-2016-5562 Vulnerability in the Oracle iProcurement component of Oracle E-Business Suite (subcomponent: Requisition Management). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iProcurement. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iProcurement, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iProcurement accessible data as well as unauthorized update, insert or delete access to some of Oracle iProcurement accessible data.

CVSS v3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]
CVE-2016-5567 Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory]
CVE-2016-5570 Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory]
CVE-2016-5571 Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory]
CVE-2016-5575 Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Resources Module). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Common Applications Calendar accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5581 Vulnerability in the Oracle iRecruitment component of Oracle E-Business Suite (subcomponent: Candidate Self Service). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows physical access to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in takeover of Oracle iRecruitment.

CVSS v3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5583 Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: File Upload). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data.

CVSS v3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2016-5585 Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Select Application Dependencies). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Interaction Center Intelligence. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Interaction Center Intelligence accessible data as well as unauthorized read access to a subset of Oracle Interaction Center Intelligence accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5586 Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Dispatch/Service Call Requests). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Email Center accessible data as well as unauthorized read access to a subset of Oracle Email Center accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). (legend) [Advisory]
CVE-2016-5587 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Outcome-Result). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). (legend) [Advisory]
CVE-2016-5589 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Responsibility Management). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Technical Foundation accessible data as well as unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). (legend) [Advisory]
CVE-2016-5591 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Outcome-Result). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). (legend) [Advisory]
CVE-2016-5592 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Result-Reason). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). (legend) [Advisory]
CVE-2016-5593 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Outcome-Result). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). (legend) [Advisory]
CVE-2016-5595 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Result-Reason). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). (legend) [Advisory]
CVE-2016-5596 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Default Responsibility). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data.

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier Description
CVE-2015-3253 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Event Java PX). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Apache Commons Collections). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-0635 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Spring). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-0714 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Install). Supported versions that are affected are 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in takeover of Oracle Transportation Management.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-2107 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Install). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Transportation Management and unauthorized read access to a subset of Oracle Transportation Management accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). (legend) [Advisory]
CVE-2016-5504 Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Supplier Portal). Supported versions that are affected are 6.1.0.4, 6.1.1.6 and 6.2.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Agile Product Lifecycle Management for Process executes to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data.

CVSS v3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5510 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Folders, Files & Attachments). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5512 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5513 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: File Manager). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5514 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: ExportServlet). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5515 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: RMIServlet). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5518 Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: webfileservices). Supported versions that are affected are 6.1.3.0 and 6.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in takeover of Oracle Agile Engineering Data Management.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5521 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5522 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5523 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: AutoVue Java Applet). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5524 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5526 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Apache Tomcat). Supported versions that are affected are 9.3.4 and 9.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-5527 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.4 and 9.3.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5599 Vulnerability in the Oracle Advanced Supply Chain Planning component of Oracle Supply Chain Products Suite (subcomponent: MscObieeSrvlt). Supported versions that are affected are 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Supply Chain Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Supply Chain Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Supply Chain Planning accessible data.

CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle PeopleSoft Products

This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier Description
CVE-2015-7940 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Bouncy Castle Java). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5529 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5530 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5600 Vulnerability in the PeopleSoft Enterprise SCM Services Procurement component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Services Procurement. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM Services Procurement accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM Services Procurement accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-8285 Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM accessible data.

CVSS v3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N). (legend) [Advisory]
CVE-2016-8291 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]
CVE-2016-8292 Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Manager). The supported version that is affected is 9.2. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data.

CVSS v3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-8293 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]
CVE-2016-8294 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-8295 Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Schedule). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM accessible data.

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-8296 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: LDAP). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data.

CVSS v3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle JD Edwards Products

This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.

CVE Identifier Description
CVE-2015-1793 Vulnerability in the JD Edwards World Security component of Oracle JD Edwards Products (subcomponent: GUI / World Vision). The supported version that is affected is A9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise JD Edwards World Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards World Security accessible data as well as unauthorized read access to a subset of JD Edwards World Security accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-1181 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Siebel CRM

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.

CVE Identifier Description
CVE-2016-3081 Vulnerability in the Siebel Apps - E-Billing component of Oracle Siebel CRM (subcomponent: Security). The supported version that is affected is 7.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - E-Billing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - E-Billing.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5534 Vulnerability in the Siebel Apps - Customer Order Management component of Oracle Siebel CRM (subcomponent: Customizable Prod/Configurator). The supported version that is affected is 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Apps - Customer Order Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Apps - Customer Order Management accessible data.

CVSS v3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5560 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: OpenUI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Commerce

This table provides the text form of the Risk Matrix for Oracle Commerce.

CVE Identifier Description
CVE-2015-3253 Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce (subcomponent: Content Acquisition System). Supported versions that are affected are 3.1.1, 3.1.2, 11.0, 11.1 and 11.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Guided Search / Oracle Commerce Experience Manager.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-0635 Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce (subcomponent: Content Acquisition System). Supported versions that are affected are 3.1.1, 3.1.2, 11.0, 11.1 and 11.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Guided Search / Oracle Commerce Experience Manager.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-2107 Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce (subcomponent: MDEX). Supported versions that are affected are 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1 and 6.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search / Oracle Commerce Experience Manager and unauthorized read access to a subset of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). (legend) [Advisory]
CVE-2016-5482 Vulnerability in the Oracle Commerce Guided Search component of Oracle Commerce (subcomponent: Oracle Commerce Guided Search). Supported versions that are affected are 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1 and 6.5.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Commerce Guided Search accessible data as well as unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]
CVE-2016-5491 Vulnerability in the Oracle Commerce Service Center component of Oracle Commerce (subcomponent: Commerce Service Center). Supported versions that are affected are 10.0.3.5 and 10.2.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Service Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Commerce Service Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Commerce Service Center accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Communications Applications

This table provides the text form of the Risk Matrix for Oracle Communications Applications.

CVE Identifier Description
CVE-2013-2067 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2013-2566 Vulnerability in the Oracle Enterprise Session Border Controller component of Oracle Communications Applications (subcomponent: Security). Supported versions that are affected are Ecz7.3m1p4 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Enterprise Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Session Border Controller accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2013-4286 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data.

CVSS v3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2013-4322 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2013-4444 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2013-4590 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Policy Management accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2014-0050 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2014-0075 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2014-0096 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Policy Management accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2014-0099 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data.

CVSS v3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2014-0119 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Policy Management accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2014-0224 Vulnerability in the Oracle Enterprise Session Border Controller component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are Ecz7.3m1p4 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Enterprise Session Border Controller. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Session Border Controller accessible data as well as unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Session Border Controller.

CVSS v3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2014-0224 Vulnerability in the Oracle Enterprise Communications Broker component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are Pcz2.0.0m4p5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker.

CVSS v3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2014-0224 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2014-0227 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Tomcat). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). (legend) [Advisory]
CVE-2014-2532 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Security). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Communications Policy Management. While the vulnerability is in Oracle Communications Policy Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data.

CVSS v3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2014-3571 Vulnerability in the Oracle Enterprise Session Border Controller component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are Ecz7.3m1p4 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Enterprise Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Session Border Controller.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2014-3571 Vulnerability in the Oracle Enterprise Communications Broker component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are Pcz2.0.0m4p5 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2014-3571 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data.

CVSS v3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2014-9296 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: NTP). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via NTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2015-0235 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Glibc). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2015-0286 Vulnerability in the Oracle Enterprise Session Border Controller component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are Ecz7.3m1p4 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Enterprise Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Session Border Controller.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2015-0286 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2015-0381 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: MySQL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2015-0382 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: MySQL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2015-0409 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: MySQL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2015-0411 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: MySQL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2015-0423 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: MySQL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2015-0433 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: MySQL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2015-0500 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: MySQL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2015-1791 Vulnerability in the Oracle Enterprise Session Border Controller component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are Ecz7.3m1p4 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Enterprise Session Border Controller. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Session Border Controller accessible data as well as unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Session Border Controller.

CVSS v3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2015-2568 Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: MySQL). Supported versions that are affected are 9.7.3, 9.9.1, 10.4.1 and 12.1.1 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Policy Management.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2015-3195 Vulnerability in the Oracle Enterprise Session Border Controller component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are Ecz7.3m1p4 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Enterprise Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Session Border Controller.

CVSS v3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2015-3197 Vulnerability in the Oracle Enterprise Session Border Controller component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are Ecz7.3m1p4 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Enterprise Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Session Border Controller accessible data.

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-2107 Vulnerability in the Oracle Enterprise Session Border Controller component of Oracle Communications Applications (subcomponent: OpenSSL). Supported versions that are affected are Ecz7.3m1p4 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Enterprise Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Session Border Controller and unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Financial Services Applications

This table provides the text form of the Risk Matrix for Oracle Financial Services Applications.

CVE Identifier Description
CVE-2015-7501 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Apache Commons Collections). Supported versions that are affected are 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 8.0.0, 8.0.1, 8.0.2 and 8.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Apache Commons Collections). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Universal Banking.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Apache Commons Collections). The supported version that is affected is 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Investor Servicing.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Apache Commons Collections). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Enterprise Limits and Collateral Management.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Apache Commons Collections). Supported versions that are affected are 11.5.0.0.0 and 11.6.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Core Banking.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Apache Commons Collections). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3 and 12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Financial Services Lending and Leasing component of Oracle Financial Services Applications (subcomponent: Apache Commons Collections). Supported versions that are affected are 14.1.0 and 14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Lending and Leasing. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Lending and Leasing.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Banking Digital Experience component of Oracle Financial Services Applications (subcomponent: Apache Commons Collections). The supported version that is affected is 15.1. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Digital Experience accessible data.

CVSS v3.0 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-0635 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Inline Processing). Supported versions that are affected are 8.0.0, 8.0.1, 8.0.2 and 8.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-3081 Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Struts). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0, 12.0.1, 12.0.3 and 12.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Private Banking.

CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5479 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: INFRA). Supported versions that are affected are 11.3.0, 11.4.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5490 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: INFRA). The supported version that is affected is 11.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Universal Banking executes to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS v3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5493 Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Admin). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data.

CVSS v3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5502 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: INFRA). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5543 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: INFRA). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data.

CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5569 Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5594 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: INFRA). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. While the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS v3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5603 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: INFRA). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5607 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: INFRA). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Universal Banking.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5619 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: INFRA). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data.

CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory]
CVE-2016-5620 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: INFRA). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]
CVE-2016-5621 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: INFRA). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5622 Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: INFRA). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Health Sciences Applications

This table provides the text form of the Risk Matrix for Oracle Health Sciences Applications.

CVE Identifier Description
CVE-2016-2107 Vulnerability in the Oracle Life Sciences Data Hub component of Oracle Health Sciences Applications (subcomponent: OpenSSL). The supported version that is affected is 2.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL to compromise Oracle Life Sciences Data Hub. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Life Sciences Data Hub and unauthorized read access to a subset of Oracle Life Sciences Data Hub accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Hospitality Applications

This table provides the text form of the Risk Matrix for Oracle Hospitality Applications.

CVE Identifier Description
CVE-2016-5563 Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA File Upload Download). Supported versions that are affected are 5.4.0.0, 5.4.1.0, 5.4.2.0, 5.4.3.0, 5.5.0.0 and 5.5.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services.

CVSS v3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L). (legend) [Advisory]
CVE-2016-5564 Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Application Login). Supported versions that are affected are 5.4.0.0, 5.4.1.0, 5.4.2.0, 5.4.3.0, 5.5.0.0 and 5.5.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services.

CVSS v3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-5565 Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Xchange Interface (OXI)). Supported versions that are affected are 5.4.0.0, 5.4.1.0, 5.4.2.0, 5.4.3.0, 5.5.0.0 and 5.5.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data.

CVSS v3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Insurance Applications

This table provides the text form of the Risk Matrix for Oracle Insurance Applications.

CVE Identifier Description
CVE-2015-7501 Vulnerability in the Oracle Insurance IStream component of Oracle Insurance Applications (subcomponent: Apache Commons Collections). The supported version that is affected is 4.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance IStream. Successful attacks of this vulnerability can result in takeover of Oracle Insurance IStream.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Retail Applications

This table provides the text form of the Risk Matrix for Oracle Retail Applications.

CVE Identifier Description
CVE-2015-3253 Vulnerability in the Oracle Retail Customer Insights component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Insights. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Insights.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-3253 Vulnerability in the Oracle Retail Merchandising Insights component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising Insights. Successful attacks of this vulnerability can result in takeover of Oracle Retail Merchandising Insights.

CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Retail Clearance Optimization Engine component of Oracle Retail Applications (subcomponent: General Application). Supported versions that are affected are 13.2, 13.3, 13.4 and 14.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Clearance Optimization Engine. Successful attacks of this vulnerability can result in takeover of Oracle Retail Clearance Optimization Engine.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). Supported versions that are affected are 5.0, 5.5, 6.0, 6.5, 7.0 and 7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7501 Vulnerability in the MICROS XBR component of Oracle Retail Applications (subcomponent: Liferay). Supported versions that are affected are 7.0.2 and 7.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS XBR. Successful attacks of this vulnerability can result in takeover of MICROS XBR.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-1881 Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.0, 13.1, 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. While the vulnerability is in Oracle Retail Back Office, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Back Office accessible data as well as unauthorized read access to a subset of Oracle Retail Back Office accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Back Office.

CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-1881 Vulnerability in the Oracle Retail Central Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.0, 13.1, 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. While the vulnerability is in Oracle Retail Central Office, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Central Office accessible data as well as unauthorized read access to a subset of Oracle Retail Central Office accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Central Office.

CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-1881 Vulnerability in the Oracle Retail Returns Management component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.0, 13.1, 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. While the vulnerability is in Oracle Retail Returns Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Returns Management accessible data as well as unauthorized read access to a subset of Oracle Retail Returns Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Returns Management.

CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-5539 Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 1.x. Easily exploitable vulnerability allows physical access to compromise Oracle Retail Xstore Payment. While the vulnerability is in Oracle Retail Xstore Payment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Payment accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment.

CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L). (legend) [Advisory]
CVE-2016-5540 Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 1.x. Difficult to exploit vulnerability allows physical access to compromise Oracle Retail Xstore Payment. While the vulnerability is in Oracle Retail Xstore Payment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Payment accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data.

CVSS v3.0 Base Score 6.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Primavera Products Suite

This table provides the text form of the Risk Matrix for Oracle Primavera Products Suite.

CVE Identifier Description
CVE-2016-2107 Vulnerability in the Primavera P6 Professional Project Management component of Oracle Primavera Products Suite (subcomponent: OpenSSL). Supported versions that are affected are 8.3, 8.4, 15.x and 16.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Professional Project Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera P6 Professional Project Management and unauthorized read access to a subset of Primavera P6 Professional Project Management accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). (legend) [Advisory]
CVE-2016-5533 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Team Member). Supported versions that are affected are 8.4, 15.x and 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data.

CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Java SE

This table provides the text form of the Risk Matrix for Oracle Java SE.

CVE Identifier Description
CVE-2016-5542 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u121, 7u111 and 8u102; Java SE Embedded: 8u101. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2016-5554 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u121, 7u111 and 8u102; Java SE Embedded: 8u101. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2016-5556 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u121, 7u111 and 8u102. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5568 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u121, 7u111 and 8u102. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5573 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u121, 7u111 and 8u102; Java SE Embedded: 8u101. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5582 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u121, 7u111 and 8u102; Java SE Embedded: 8u101. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5597 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u121, 7u111 and 8u102; Java SE Embedded: 8u101. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS v3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Sun Systems Products Suite

This table provides the text form of the Risk Matrix for Oracle Sun Systems Products Suite.

CVE Identifier Description
CVE-2016-5480 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Bash). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data.

CVSS v3.0 Base Score 2.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2016-5481 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows unauthenticated attacker with network access via DNS to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data.

CVSS v3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5486 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is AK 2013. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Sun ZFS Storage Appliance Kit (AK) accessible data.

CVSS v3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5487 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Files). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS v3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-5492 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: SMB Users). The supported version that is affected is AK 2013. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized access to critical data or complete access to all Sun ZFS Storage Appliance Kit (AK) accessible data.

Note: This vulnerability applies to local users (i.e. users in /etc/passwd) and is not applicable to other (e.g. LDAP) users.

CVSS v3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory]
CVE-2016-5503 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is AK 2013. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK).

CVSS v3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5508 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster Geo). The supported version that is affected is 4.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data.

CVSS v3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5525 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster check files). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris Cluster accessible data.

CVSS v3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2016-5544 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel/X86). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris.

CVSS v3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5553 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.

CVSS v3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5559 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data.

CVSS v3.0 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N). (legend) [Advisory]
CVE-2016-5561 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via IKEv2 to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS v3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2016-5566 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Installation). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS v3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5576 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris.

CVSS v3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5606 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris as well as unauthorized update, insert or delete access to some of Solaris accessible data.

CVSS v3.0 Base Score 6.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). (legend) [Advisory]
CVE-2016-5615 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Lynx). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS v3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier Description
CVE-2015-7501 Vulnerability in the Virtual Desktop Infrastructure component of Oracle Virtualization (subcomponent: Apache Commons Collection). The supported version that is affected is VDI prior to 3.5.3. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Virtual Desktop Infrastructure. Successful attacks of this vulnerability can result in takeover of Virtual Desktop Infrastructure.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2015-7940 Vulnerability in the Virtual Desktop Infrastructure component of Oracle Virtualization (subcomponent: Bouncy Castle Java). The supported version that is affected is VDI prior to 3.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Virtual Desktop Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Virtual Desktop Infrastructure accessible data.

CVSS v3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-0714 Vulnerability in the Virtual Desktop Infrastructure component of Oracle Virtualization (subcomponent: Apache Tomcat). The supported version that is affected is VDI prior to 3.5.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Virtual Desktop Infrastructure. Successful attacks of this vulnerability can result in takeover of Virtual Desktop Infrastructure.

CVSS v3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-2107 Vulnerability in the Sun Ray Operating Software component of Oracle Virtualization (subcomponent: OpenSSL). The supported version that is affected is SROS prior to 11.1.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Sun Ray Operating Software. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun Ray Operating Software and unauthorized read access to a subset of Sun Ray Operating Software accessible data.

CVSS v3.0 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). (legend) [Advisory]
CVE-2016-5501 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 5.0.28 and prior to 5.1.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS v3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5538 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 5.0.28 and prior to 5.1.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5580 Vulnerability in the Secure Global Desktop component of Oracle Virtualization (subcomponent: Web Services). Supported versions that are affected are 4.7 and 5.2. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Secure Global Desktop. While the vulnerability is in Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Secure Global Desktop accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Secure Global Desktop.

CVSS v3.0 Base Score 9.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H). (legend) [Advisory]
CVE-2016-5605 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: VirtualBox Remote Desktop Extension (VRDE)). The supported version that is affected is VirtualBox prior to 5.1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.

CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory]
CVE-2016-5608 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 5.0.28 and prior to 5.1.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.

CVSS v3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5610 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 5.0.28 and prior to 5.1.8. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox.

CVSS v3.0 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-5611 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 5.0.28 and prior to 5.1.8. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-5613 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 5.0.28 and prior to 5.1.8. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox.

CVSS v3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L). (legend) [Advisory]
CVE-2016-6304 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: OpenSSL). Supported versions that are affected are VirtualBox prior to 5.0.28 and prior to 5.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.

CVSS v3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]

Text Form of Risk Matrix for Oracle MySQL

This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE Identifier Description
CVE-2016-3492 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.51 and earlier, 5.6.32 and earlier and 5.7.14 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-3495 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.13 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5507 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.32 and earlier and 5.7.14 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5584 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.52 and earlier, 5.6.33 and earlier and 5.7.15 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.

CVSS v3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-5598 Vulnerability in the MySQL Connector component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.3 and earlier and 2.0.4 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connector. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connector accessible data as well as unauthorized read access to a subset of MySQL Connector accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connector.

CVSS v3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory]
CVE-2016-5609 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.31 and earlier and 5.7.13 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5612 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.50 and earlier, 5.6.31 and earlier and 5.7.13 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5616 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.51 and earlier, 5.6.32 and earlier and 5.7.14 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVSS v3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5617 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.51 and earlier, 5.6.32 and earlier and 5.7.14 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVSS v3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5624 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.51 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5625 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.7.14 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVSS v3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-5626 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.5.51 and earlier, 5.6.32 and earlier and 5.7.14 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5627 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.31 and earlier and 5.7.13 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5628 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.13 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5629 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Federated). Supported versions that are affected are 5.5.51 and earlier, 5.6.32 and earlier and 5.7.14 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5630 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.31 and earlier and 5.7.13 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5631 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.7.13 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5632 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.14 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5633 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.13 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5634 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.7.13 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-5635 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.13 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-6304 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.33 and earlier and 5.7.15 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-6662 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.5.52 and earlier, 5.6.33 and earlier and 5.7.15 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVSS v3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2016-7440 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.52 and earlier, 5.6.33 and earlier and 5.7.15 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.

CVSS v3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory]
CVE-2016-8283 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Types). Supported versions that are affected are 5.5.51 and earlier, 5.6.32 and earlier and 5.7.14 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.

CVSS v3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2016-8284 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.31 and earlier and 5.7.13 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.

CVSS v3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory]
CVE-2016-8286 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.14 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS v3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory]
CVE-2016-8287 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.13 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2016-8288 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB Plugin). Supported versions that are affected are 5.6.30 and earlier and 5.7.12 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data.

CVSS v3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory]
CVE-2016-8289 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.13 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

CVSS v3.0 Base Score 4.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). (legend) [Advisory]
CVE-2016-8290 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.13 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS v3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]