Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices



This document provides the text form of the CPUApr2015 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUApr2015 Advisory.


Text Form of Risk Matrix for Oracle Database Server


This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier: Description
CVE-2015-0455: Vulnerability in the XDB - XML Database component of Oracle Database Server. This vulnerability requires Valid account privileges for a successful attack. Supported versions that are affected are 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location.

Note: The CVSS score is 6.8 only on Windows for Database versions prior to 12c. The CVSS is 4.0 (Confidentiality is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms.

CVSS Base Score 6.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:N/A:N).
CVE-2015-0457: Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS score is 9.0 only on Windows for Database versions prior to 12c. The CVSS is 6.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C).
CVE-2015-0479: Vulnerability in the XDK and XDB - XML Database component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.3, 11.2.0.4 and 12.1.0.1. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XDK and XDB - XML Database.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-0483: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N).

 

Text Form of Risk Matrix for Oracle Fusion Middleware


This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier: Description
CVE-2013-4286: Vulnerability in the Oracle GoldenGate Monitor component of Oracle Fusion Middleware (subcomponent: Tomcat). The supported version that is affected is 11.1.2.1.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GoldenGate Monitor accessible data as well as read access to a subset of Oracle GoldenGate Monitor accessible data.

CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).
CVE-2013-4545: Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2014-0050: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: WebCenter Sites). Supported versions that are affected are 7.6.2, 11.1.1.6.1 and 11.1.1.8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2014-0112: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Community). Supported versions that are affected are 11.1.1.6.1 and 11.1.1.8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).
CVE-2014-1568: Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 2.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data as well as read access to a subset of Oracle GlassFish Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2014-1568: Vulnerability in the Oracle iPlanet Web Proxy Server component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iPlanet Web Proxy Server accessible data as well as read access to a subset of Oracle iPlanet Web Proxy Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle iPlanet Web Proxy Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2014-1568: Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 6.1 and 7.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iPlanet Web Server accessible data as well as read access to a subset of Oracle iPlanet Web Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle iPlanet Web Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2014-3571: Vulnerability in the Oracle Exalogic Infrastructure component of Oracle Fusion Middleware (subcomponent: Network Infra Framework). Supported versions that are affected are 1.x and 2.x. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Exalogic Infrastructure.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2015-0235: Vulnerability in the Oracle Exalogic Infrastructure component of Oracle Fusion Middleware (subcomponent: Network Infra Framework). Supported versions that are affected are 1.x and 2.x. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
CVE-2015-0449: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6.0, 12.1.1.0 and 12.1.2.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).
CVE-2015-0450: Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). The supported version that is affected is 11.1.1.8.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Portal accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2015-0451: Vulnerability in the Oracle OpenSSO component of Oracle Fusion Middleware (subcomponent: OpenSSO Web Agents). Supported versions that are affected are 3.0-04. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle OpenSSO accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N).
CVE-2015-0456: Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). The supported version that is affected is 11.1.1.8.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Portal accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2015-0461: Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported versions that are affected are 11.1.1.5 and 11.1.1.7. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to all Oracle Access Manager accessible data.

CVSS Base Score 7.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:C/A:N).
CVE-2015-0474: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.4.1, 8.5.0 and 8.5.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.

CVSS Base Score 1.5 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P).
CVE-2015-0482: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS-WebServices). Supported versions that are affected are 12.1.2.0 and 12.1.3.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).
CVE-2015-0493: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.4.1, 8.5.0 and 8.5.1. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.

CVSS Base Score 1.5 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P).

 

Text Form of Risk Matrix for Oracle Hyperion


This table provides the text form of the Risk Matrix for Oracle Hyperion.

CVE Identifier: Description
CVE-2015-0509: Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: Reporting and Analysis). Supported versions that are affected are 11.1.2.2 and 11.1.2.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Hyperion BI+ accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2015-2572: Vulnerability in the Oracle Hyperion Smart View for Office component of Oracle Hyperion (subcomponent: Core). Supported versions that are affected are 11.1.2.5.216 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Hyperion Smart View for Office accessible data as well as read access to a subset of Oracle Hyperion Smart View for Office accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Smart View for Office.

Note: This vulnerability is only applicable on Windows operating system.

CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

 

Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control


This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier: Description
CVE-2015-0473: Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: My Oracle Support Plugin). Supported versions that are affected are MOS:12.1.0.5 and MOS 12.1.0.6. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

 

Text Form of Risk Matrix for Oracle E-Business Suite


This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier: Description
CVE-2015-0447: Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Configurator DMZ rules). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology Stack accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).
CVE-2015-0489: Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: EBS Plugin). Supported versions that are affected are AMP 121030 and AMP 121020. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data.

CVSS Base Score 1.2 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N).
CVE-2015-0504: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Error Messages). Supported versions that are affected are 12.0.6 and 12.1.3. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N).
CVE-2015-2565: Vulnerability in the Oracle Installed Base component of Oracle E-Business Suite (subcomponent: Create Item Instance). Supported versions that are affected are 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Installed Base accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

 

Text Form of Risk Matrix for Oracle Supply Chain Products Suite


This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier: Description
CVE-2014-3571: Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Install). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2015-0462: Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5 and 6.3.6. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Transportation Management accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2015-0463: Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5 and 6.3.6. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2015-0464: Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5 and 6.3.6. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).
CVE-2015-0465: Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: UI Infrastructure). Supported versions that are affected are 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5 and 6.3.6. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2015-0490: Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: BAS - Base Component). The supported version that is affected is 6.1.3.0. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Agile Engineering Data Management accessible data as well as read access to all Oracle Agile Engineering Data Management accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N).
CVE-2015-2570: Vulnerability in the Oracle Demand Planning component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 11.5.10, 12.0, 12.1 and 12.2. Easily exploitable vulnerability allows successful authenticated network attacks via SQLNET. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Demand Planning as well as update, insert or delete access to some Oracle Demand Planning accessible data and read access to a subset of Oracle Demand Planning accessible data.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

 

Text Form of Risk Matrix for Oracle PeopleSoft Products


This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier: Description
CVE-2015-0453: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PORTAL). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.3 (Confidentiality impacts). CVSS V2 Vector: (AV:A/AC:L/Au:N/C:P/I:N/A:N).
CVE-2015-0472: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N).
CVE-2015-0485: Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise SCM Strategic Sourcing accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N).
CVE-2015-0487: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N).
CVE-2015-0496: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).
CVE-2015-0497: Vulnerability in the PeopleSoft Enterprise Portal Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise Portal Interaction Hub accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

 

Text Form of Risk Matrix for Oracle JD Edwards Products


This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.

CVE Identifier: Description
CVE-2015-0475: Vulnerability in the JD Edwards EnterpriseOne Technology component of Oracle JD Edwards Products (subcomponent: Web Runtime Security). The supported version that is affected is 9.1. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Technology accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

 

Text Form of Risk Matrix for Oracle Siebel CRM


This table provides the text form of the Risk Matrix for Oracle Siebel CRM.

CVE Identifier: Description
CVE-2015-0502: Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Portal Framework). Supported versions that are affected are 8.1 and 8.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel UI Framework accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

 

Text Form of Risk Matrix for Oracle Commerce Platform


This table provides the text form of the Risk Matrix for Oracle Commerce Platform.

CVE Identifier: Description
CVE-2015-0495: Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce Platform (subcomponent: Workbench). Supported versions that are affected are 3.x and 11.x. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Commerce Guided Search / Oracle Commerce Experience Manager possibly including arbitrary code execution within the Oracle Commerce Guided Search / Oracle Commerce Experience Manager.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
CVE-2015-0510: Vulnerability in the Oracle Commerce Platform component of Oracle Commerce Platform (subcomponent: Dynamo Application Framework - HTML Admin User Interface). Supported versions that are affected are 9.4, 10.0 and 10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Commerce Platform accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

 

Text Form of Risk Matrix for Oracle Retail Applications


This table provides the text form of the Risk Matrix for Oracle Retail Applications.

CVE Identifier: Description
CVE-2015-0466: Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications. Supported versions that are affected are 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0 and 14.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Retail Back Office accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2015-0494: Vulnerability in the Oracle Retail Central Office component of Oracle Retail Applications. Supported versions that are affected are 13.1, 13.2, 13.3, 13.4, 14.0 and 14.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Retail Central Office accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

 

Text Form of Risk Matrix for Oracle Health Sciences Applications


This table provides the text form of the Risk Matrix for Oracle Health Sciences Applications.

CVE Identifier: Description
CVE-2015-2579: Vulnerability in the Oracle Health Sciences Argus Safety component of Oracle Health Sciences Applications (subcomponent: BIP Installer). The supported version that is affected is 8.0. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Health Sciences Argus Safety accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

 

Text Form of Risk Matrix for Oracle Right Now Service Cloud


This table provides the text form of the Risk Matrix for Oracle Right Now Service Cloud.

CVE Identifier: Description
CVE-2015-0440: Vulnerability in the Oracle Knowledge component of Oracle Right Now Service Cloud (subcomponent: Information Manager Console). Supported versions that are affected are 8.2.3.10.1 and 8.4.7.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via LDAP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Knowledge accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Text Form of Risk Matrix for Oracle Java SE


This table provides the text form of the Risk Matrix for Oracle Java SE.

CVE Identifier: Description
CVE-2015-0204: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 5.0u81, Java SE 6u91 and JRockit R28.3.5. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit accessible data as well as read access to a subset of Java SE, JRockit accessible data.

Note: Applies to client and server deployment of JSSE.

CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N).
CVE-2015-0458: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u91, Java SE 7u76 and Java SE 8u40. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C).
CVE-2015-0459: Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 5.0u81, Java SE 6u91, Java SE 7u76, Java SE 8u40 and Java FX 2.2.76. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
CVE-2015-0460: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE 5.0u81, Java SE 6u91, Java SE 7u76 and Java SE 8u40. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).
CVE-2015-0469: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 5.0u81, Java SE 6u91, Java SE 7u76 and Java SE 8u40. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
CVE-2015-0470: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). The supported version that is affected is Java SE 8u40. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2015-0477: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Beans). Supported versions that are affected are Java SE 5.0u81, Java SE 6u91, Java SE 7u76 and Java SE 8u40. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
CVE-2015-0478: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE 5.0u81, Java SE 6u91, Java SE 7u76, Java SE 8u40 and JRockit R28.3.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JRockit accessible data.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).
CVE-2015-0480: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Tools). Supported versions that are affected are Java SE 5.0u81, Java SE 6u91, Java SE 7u76 and Java SE 8u40. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.8 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P).
CVE-2015-0484: Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 7u76, Java SE 8u40 and Java FX 2.2.76. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JavaFX accessible data as well as read access to a subset of Java SE, JavaFX accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, JavaFX.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-0486: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE 8u40. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).
CVE-2015-0488: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 5.0u81, Java SE 6u91, Java SE 7u76, Java SE 8u40 and JRockit R28.3.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit.

Note: Applies to client and server deployment of JSSE.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2015-0491: Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 5.0u81, Java SE 6u91, Java SE 7u76, Java SE 8u40 and Java FX 2.2.76. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
CVE-2015-0492: Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 7u76, Java SE 8u40 and Java FX 2.2.76. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Text Form of Risk Matrix for Oracle Sun Systems Products Suite


This table provides the text form of the Risk Matrix for Oracle Sun Systems Products Suite.

CVE Identifier: Description
CVE-2014-3566: Vulnerability in the Oracle VM Server for SPARC component of Oracle Sun Systems Products Suite (subcomponent: MGMT XML interface). Supported versions that are affected are 3.1 and 3.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle VM Server for SPARC accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).
CVE-2015-0235: Vulnerability in the Cisco MDS Fiber Channel Switch component of Oracle Sun Systems Products Suite (subcomponent: NX-OS). Supported versions that are affected are 5.2 and 6.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
CVE-2015-0448: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZFS File system). The supported version that is affected is 11.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).
CVE-2015-0452: Vulnerability in the Oracle VM Server for SPARC component of Oracle Sun Systems Products Suite (subcomponent: Ldom Manager). Supported versions that are affected are 3.1 and 3.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via UDP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle VM Server for SPARC accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).
CVE-2015-0471: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: libelfsign). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-2574: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Text Utilities). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).
CVE-2015-2577: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Accounting commands). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).
CVE-2015-2578: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel IDMap). The supported version that is affected is 11.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).

Text Form of Risk Matrix for Oracle MySQL


This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE Identifier: Description
CVE-2014-0112: Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Service Manager). Supported versions that are affected are 2.3.16 and earlier and 3.0.10 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: This fix also addresses CVE-2014-0050, CVE-2014-0094, CVE-2014-0113, CVE-2014-0116. The CVSS score is 10.0 if MySQL Enterprise Monitor runs with admin or root privileges. The score would be 7.5 if MySQL Enterprise Monitor runs with non-admin privileges and the impact on Confidentiality, Integrity and Availability would be Partial+.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
CVE-2014-3569: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Encryption). Supported versions that are affected are 5.6.22 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.

Note: This fix also addresses CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205 and CVE-2015-0206.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2014-7809: Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Service Manager). Supported versions that are affected are 2.3.19 and earlier and 3.0.18 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Enterprise Monitor accessible data as well as read access to a subset of MySQL Enterprise Monitor accessible data and ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).
CVE-2015-0405: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : XA). Supported versions that are affected are 5.6.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-0423: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Optimizer). Supported versions that are affected are 5.6.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-0433: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : InnoDB : DML). Supported versions that are affected are 5.5.41 and earlier and 5.6.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-0438: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-0439: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : InnoDB). Supported versions that are affected are 5.6.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-0441: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Encryption). Supported versions that are affected are 5.5.41 and earlier and 5.6.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-0498: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Replication). Supported versions that are affected are 5.6.23 and earlier. Very difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P).
CVE-2015-0499: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Federated). Supported versions that are affected are 5.5.42 and earlier and 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P).
CVE-2015-0500: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Information Schema). Supported versions that are affected are 5.6.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-0501: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affected are 5.5.42 and earlier and 5.6.23 and earlier. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 5.7 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:C).
CVE-2015-0503: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-0505: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : DDL). Supported versions that are affected are 5.5.42 and earlier and 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P).
CVE-2015-0506: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : InnoDB). Supported versions that are affected are 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P).
CVE-2015-0507: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Memcached). Supported versions that are affected are 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P).
CVE-2015-0508: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : InnoDB). Supported versions that are affected are 5.6.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-0511: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : SP). Supported versions that are affected are 5.6.23 and earlier. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P).
CVE-2015-2566: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : DML). Supported versions that are affected are 5.6.22 and earlier. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P).
CVE-2015-2567: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.23 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P).
CVE-2015-2568: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.41 and earlier and 5.6.22 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).
CVE-2015-2571: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Optimizer). Supported versions that are affected are 5.5.42 and earlier and 5.6.23 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-2573: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : DDL). Supported versions that are affected are 5.5.41 and earlier and 5.6.22 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).
CVE-2015-2575: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.34 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N).
CVE-2015-2576: Vulnerability in the MySQL Utilities component of Oracle MySQL (subcomponent: Installation). Supported versions that are affected are 1.5.1 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Utilities accessible data.

Note: This vulnerability is only applicable on Windows operating system.

CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N).

Text Form of Risk Matrix for Oracle Support Tools


This table provides the text form of the Risk Matrix for Oracle Support Tools.

CVE Identifier: Description
CVE-2015-0476: Vulnerability in the SQL Trace Analyzer component of Oracle Support Tools (subcomponent: Create Session). All versions prior to 12.1.11 are affected. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some SQL Trace Analyzer accessible data as well as read access to a subset of SQL Trace Analyzer accessible data.

Note: Please refer to My Oracle Support Note 215187.1 for instructions on upgrading to SQLT version 12.1.11.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).