Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices



This document provides the text form of the CPUJan2016 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJan2016 Advisory.

This page contains the following text format Risk Matrices:

 

Text Form of Risk Matrix for Oracle Database Server


This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier: Description
CVE-2015-4921: Vulnerability in the Database Vault component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Database Vault accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-4923: Vulnerability in the XML Developer's Kit for C component of Oracle Database Server. This vulnerability requires Valid account privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Developer's Kit for C.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4925: Vulnerability in the Workspace Manager component of Oracle Database Server. This vulnerability requires Create Session, Create Table, Create Procedure privileges for a successful attack. The supported version that is affected is 11.2.0.4. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Workspace Manager possibly including arbitrary code execution within the Workspace Manager.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0461: Vulnerability in the XDB - XML Database component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XDB - XML Database.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0467: Vulnerability in the Security component of Oracle Database Server. This vulnerability requires Create Session, Create Java Source privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Security accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0472: Vulnerability in the XDB - XML Database component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to all XDB - XML Database accessible data and ability to cause a partial denial of service (partial DOS) of XDB - XML Database.

CVSS Base Score 5.5 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:P). (legend) [Advisory]
CVE-2016-0499: Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS score is 9.0 only on Windows for Database versions prior to 12c. The CVSS is 6.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all other versions of Database on Linux, Unix and other platforms.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle GoldenGate


This table provides the text form of the Risk Matrix for Oracle GoldenGate.

CVE Identifier: Description
CVE-2016-0450: Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Supported versions that are affected are 11.2 and 12.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Golden Gate. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0451: Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Supported versions that are affected are 11.2 and 12.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Golden Gate. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS score is 10.0 only on Windows for Database versions prior to 12c. The CVSS is 7.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2016-0452: Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. Supported versions that are affected are 11.2 and 12.1.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Golden Gate. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS score is 10.0 only on Windows for Database versions prior to 12c. The CVSS is 7.5 (Confidentiality, Integrity and Availability is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle Fusion Middleware


This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier: Description
CVE-2013-2186: Vulnerability in the Oracle WebLogic Portal component of Oracle Fusion Middleware (subcomponent: Core Services). The supported version that is affected is 10.3.6. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Portal accessible data as well as read access to a subset of Oracle WebLogic Portal accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Portal.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0107: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: XML Parser). Supported versions that are affected are 10.3.6, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0107: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Sites). Supported versions that are affected are 7.6.2 and 11.1.1.8.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebCenter Sites accessible data as well as read access to a subset of Oracle WebCenter Sites accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2015-1793: Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Business Intelligence Enterprise Edition accessible data as well as read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-1793: Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: SSL/TLS). The supported version that is affected is 12.1.1.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Tuxedo accessible data as well as read access to a subset of Oracle Tuxedo accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-1793: Vulnerability in the Oracle Endeca Server component of Oracle Fusion Middleware (subcomponent: SSL/TLS). Supported versions that are affected are 7.3.0.0, 7.4.0.0, 7.5.0.0 and 7.6.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Server accessible data as well as read access to a subset of Oracle Endeca Server accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-4808: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-6013: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-6014: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-6015: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0401: Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Scheduler). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0404: Vulnerability in the Oracle Identity Federation component of Oracle Fusion Middleware (subcomponent: Admin). The supported version that is affected is 11.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Federation accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0413: Vulnerability in the Oracle Identity Federation component of Oracle Fusion Middleware (subcomponent: Federation protocol support). The supported version that is affected is 11.1.1.7. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Identity Federation accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0429: Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Scheduler). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0430: Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL Support). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0432: Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.0, 8.5.1 and 8.5.2. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0433: Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL Support). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0439: Vulnerability in the Web Cache component of Oracle Fusion Middleware (subcomponent: SSL Support). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Web Cache accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0441: Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Embedded Server). The supported version that is affected is 3.1.2. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location and ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GlassFish Server.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:P). (legend) [Advisory]
CVE-2016-0453: Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Embedded Server). The supported version that is affected is 3.1.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle GlassFish Server accessible data.

CVSS Base Score 1.8 (Integrity impacts). CVSS V2 Vector: (AV:A/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0464: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS-Console). Supported versions that are affected are 10.3.6, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0470: Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle BI Publisher accessible data as well as read access to a subset of Oracle BI Publisher accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0572: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Coherence Container). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0573: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Java Messaging Service). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via JMS. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0574: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0577: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6, 12.1.2, 12.1.3 and 12.2.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via T3. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0614: Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.0.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control


This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier: Description
CVE-2013-1741: Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Satellite Framework). Supported versions that are affected are prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Enterprise Manager Ops Center possibly including arbitrary code execution within the Enterprise Manager Ops Center.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-3583: Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Update Provisioning). Supported versions that are affected are prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Ops Center accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-0286: Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Ops Center.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-1793: Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-1793: Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Ops Center accessible data as well as read access to a subset of Enterprise Manager Ops Center accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-3153: Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Grid Control (subcomponent: Networking). Supported versions that are affected are prior to 12.1.4, 12.2.0, 12.2.1 and 12.3.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Ops Center accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2015-4885: Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). The supported version that is affected is 12.1.0.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Base Platform accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0411: Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1 and 11.2.0.4. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of Enterprise Manager Base Platform possibly including arbitrary code execution within the Enterprise Manager Base Platform.

CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0415: Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 11.1.0.1, 12.1.0.4 and 12.1.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0427: Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Base Platform accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0442: Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Loader Service). Supported versions that are affected are 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Base Platform as well as update, insert or delete access to some Enterprise Manager Base Platform accessible data and read access to a subset of Enterprise Manager Base Platform accessible data.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0443Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 12.1.0.4 and 12.1.0.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Enterprise Manager Base Platform accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0444Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to all Enterprise Manager Base Platform accessible data as well as update, insert or delete access to some Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0445Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4, 12.1.0.5 and . Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized takeover of Enterprise Manager Base Platform possibly including arbitrary code execution within the Enterprise Manager Base Platform.

CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0446Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to all Enterprise Manager Base Platform accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0447Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform.

CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0449Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data as well as read access to a subset of Enterprise Manager Base Platform accessible data and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform.

CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0455Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Agent Next Gen). Supported versions that are affected are 11.1.0.1, 11.2.0.4, 12.1.0.4 and 12.1.0.5. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to any arbitrary Operating System location and ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform.

CVSS Base Score 5.2 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:P). (legend) [Advisory]
CVE-2016-0476Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0477Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0478Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0480Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0481Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0482Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0484Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0485Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Application Testing Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0486Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to all Oracle Application Testing Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0487Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0488Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0489Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0490Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0491Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Application Testing Suite accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite.

CVSS Base Score 6.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2016-0492Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.4.0.2 and 12.5.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Testing Suite accessible data as well as read access to a subset of Oracle Application Testing Suite accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle E-Business Suite


This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE IdentifierDescription
CVE-2015-3195Vulnerability in the Oracle HTTP Server component of Oracle E-Business Suite (subcomponent: Open SSL). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-4926Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: UIX). Supported versions that are affected are 11.5.10.2, 12.1 and 12.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data.

CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0454Vulnerability in the Oracle Mobile Application Servlet component of Oracle E-Business Suite (subcomponent: MWA Server Manager). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Mobile Application Servlet accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0456Vulnerability in the Application Mgmt Pack for E-Business Suite component of Oracle E-Business Suite (subcomponent: REST Framework). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Application Mgmt Pack for E-Business Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0457Vulnerability in the Application Mgmt Pack for E-Business Suite component of Oracle E-Business Suite (subcomponent: REST Framework). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Application Mgmt Pack for E-Business Suite accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0459Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup Windows). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0507Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: AR Web Utilities). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iReceivables accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0509Vulnerability in the Oracle Internet Expenses component of Oracle E-Business Suite (subcomponent: AP Web Utilities). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Internet Expenses accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0510Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Business Views Catalog). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0511Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0512Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: Self Service - Common Modules). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0513Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0514Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0515Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0516Vulnerability in the Oracle Quality component of Oracle E-Business Suite (subcomponent: QA / Order Management Integration). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Quality accessible data as well as read access to all Oracle Quality accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0517Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General utilities). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0518Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General utilities). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0519Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: AR Web Utilities). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iReceivables accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0520Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Java APIs). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0521Vulnerability in the Oracle iProcurement component of Oracle E-Business Suite (subcomponent: Redirection). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iProcurement accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0523Vulnerability in the Oracle Interaction Blending component of Oracle E-Business Suite (subcomponent: Blending Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Interaction Blending accessible data as well as read access to all Oracle Interaction Blending accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0524Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Work Provider Administration). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Universal Work Queue accessible data as well as read access to all Oracle Universal Work Queue accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0525Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Work Provider Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Universal Work Queue accessible data as well as read access to all Oracle Universal Work Queue accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0526Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Wireless Framework). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0527Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0528Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0529Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0530Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User GUI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Customer Interaction History accessible data as well as read access to a subset of Oracle Customer Interaction History accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0531Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Manager accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0532: Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Security Assignments). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data as well as read access to a subset of Oracle CRM Technical Foundation accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0533: Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messaging). Supported versions that are affected are 11.5.10.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technical Foundation accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0534: Vulnerability in the Oracle Project Contracts component of Oracle E-Business Suite (subcomponent: Printing). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Project Contracts accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0536: Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Error Messages). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Universal Work Queue accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0537: Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: Person). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Human Resources accessible data as well as read access to all Oracle Human Resources accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0538: Vulnerability in the Oracle Financial Consolidation Hub component of Oracle E-Business Suite (subcomponent: Business Intelligence). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Consolidation Hub accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0539: Vulnerability in the Oracle Report Manager component of Oracle E-Business Suite (subcomponent: Report Display). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Report Manager accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0542: Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Field Service Map). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Field Service accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0543: Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Preview). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Marketing accessible data as well as read access to all Oracle Marketing accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0544: Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Architecture). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Marketing accessible data as well as read access to all Oracle Marketing accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0545: Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0547: Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0548: Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0549: Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0550: Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: CRM HTML Administration). Supported versions that are affected are 11.5.10.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0551: Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0552: Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0553: Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Definition). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0554: Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Business Intelligence). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Interaction Center Intelligence accessible data as well as read access to all Oracle Interaction Center Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0555: Vulnerability in the Oracle CADView-3D component of Oracle E-Business Suite (subcomponent: Studio). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CADView-3D accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0556: Vulnerability in the Oracle Advanced Collections component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Advanced Collections accessible data as well as read access to all Oracle Advanced Collections accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0557: Vulnerability in the Oracle Advanced Collections component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Advanced Collections accessible data as well as read access to all Oracle Advanced Collections accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0558: Vulnerability in the Oracle Service Contracts component of Oracle E-Business Suite (subcomponent: Renewals). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Service Contracts accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0559: Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0560: Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: Data Issues). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Customer Intelligence accessible data as well as read access to all Oracle Customer Intelligence accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0561: Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Definition). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0562: Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management Framework). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Common Applications accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0563: Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Common Techstack). Supported versions that are affected are 11.5.10.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0564: Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle E-Business Intelligence accessible data as well as read access to all Oracle E-Business Intelligence accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0565: Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Marketing accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0566: Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Deliverables). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 and 12.2.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Marketing accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0567: Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Embedded Data Warehouse). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle E-Business Intelligence accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0568: Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Server Components). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Email Center accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0569: Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 11.5.10.2, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle E-Business Intelligence accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0570: Vulnerability in the Oracle HCM Configuration Workbench component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle HCM Configuration Workbench accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0571: Vulnerability in the Oracle Balanced Scorecard component of Oracle E-Business Suite (subcomponent: Scorecard Security). Supported versions that are affected are 11.5.10.2 and 12.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Balanced Scorecard accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0575: Vulnerability in the Oracle Learning Management component of Oracle E-Business Suite (subcomponent: OTA Self Service). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Learning Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0576: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: ICX LOVs). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Application Object Library accessible data as well as read access to all Oracle Application Object Library accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0578: Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technology Foundation accessible data as well as read access to all Oracle CRM Technology Foundation accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0579: Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0580: Vulnerability in the Oracle Report Manager component of Oracle E-Business Suite (subcomponent: Publishing). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Report Manager.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0581: Vulnerability in the Oracle Approvals Management component of Oracle E-Business Suite (subcomponent: AME Page rendering). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Approvals Management accessible data as well as read access to all Oracle Approvals Management accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0582: Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0583: Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0584: Vulnerability in the Oracle CRM Technology Foundation component of Oracle E-Business Suite (subcomponent: BIS Common Components). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle CRM Technology Foundation accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0585: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: ICX Error). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Object Library.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0586: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0588: Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle General Ledger accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0589: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Menu). The supported version that is affected is 11.5.10.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Application Object Library accessible data as well as read access to all Oracle Application Object Library accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Supply Chain Products Suite


This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier: Description
CVE-2015-4924: Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.1.1, 9.3.1.2, 9.3.2 and 9.3.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile PLM accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0497: Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 6.1.2.2, 6.1.3.0 and 6.2.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Agile Engineering Data Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0498: Vulnerability in the Oracle Agile Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Install). Supported versions that are affected are 6.1.2.2, 6.1.3.0 and 6.2.0.0. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to all Oracle Agile Engineering Data Management accessible data.

CVSS Base Score 1.5 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0540: Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: UI Servlet). Supported versions that are affected are 11.5.10.2, 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Configurator accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0541: Vulnerability in the Oracle Configurator component of Oracle Supply Chain Products Suite (subcomponent: UI Servlet). Supported versions that are affected are 11.5.10.2, 12.1 and 12.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Configurator accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle PeopleSoft Products


This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier: Description
CVE-2016-0409: Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Switzerland component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Global Payroll Switzerland accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0412: Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM eProcurement accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0460: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Homepage and NavBar). The supported version that is affected is 8.55. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0462: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0463: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.53, 8.54 and 8.55. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0471: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.53 and 8.54. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0473: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0474: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0587: Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: File Processing). Supported versions that are affected are 8.53, 8.54 and 8.55. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0590: Vulnerability in the PeopleSoft Enterprise SCM Order Management component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM Order Management accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0591: Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Change). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise SCM Purchasing accessible data as well as read access to a subset of PeopleSoft Enterprise SCM Purchasing accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle JD Edwards Products


This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.

CVE Identifier: Description
CVE-2015-4919: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics SEC). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of JD Edwards EnterpriseOne Tools possibly including arbitrary code execution within the JD Edwards EnterpriseOne Tools.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0420: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0421: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics SEC). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0422: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0423: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 9.1 and 9.2. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location and ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:P). (legend) [Advisory]
CVE-2016-0424: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0425: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). Supported versions that are affected are 9.1 and 9.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of JD Edwards EnterpriseOne Tools possibly including arbitrary code execution within the JD Edwards EnterpriseOne Tools.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle iLearning


This table provides the text form of the Risk Matrix for Oracle iLearning.

CVE Identifier: Description
CVE-2016-0508: Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Supported versions that are affected are 6.0 and 6.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle iLearning accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle Communications Applications


This table provides the text form of the Risk Matrix for Oracle Communications Applications.

CVE Identifier: Description
CVE-2014-0050: Vulnerability in the Oracle Communications Service Broker component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). Supported versions that are affected are 6.0 and 6.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Service Broker accessible data as well as read access to a subset of Oracle Communications Service Broker accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Service Broker.

CVSS Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0050: Vulnerability in the Oracle Communications Service Broker Engineered System Edition component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). The supported version that is affected is 6.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Service Broker Engineered System Edition accessible data as well as read access to a subset of Oracle Communications Service Broker Engineered System Edition accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2014-0050: Vulnerability in the Oracle Communications Converged Application Server - Service Controller component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). The supported version that is affected is 6.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Converged Application Server - Service Controller accessible data as well as read access to a subset of Oracle Communications Converged Application Server - Service Controller accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Converged Application Server - Service Controller.

CVSS Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0050: Vulnerability in the Oracle Communications Online Mediation Controller component of Oracle Communications Applications (subcomponent: Apache Commons FileUpLoad). The supported version that is affected is 6.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications Online Mediation Controller accessible data as well as read access to a subset of Oracle Communications Online Mediation Controller accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications Online Mediation Controller.

CVSS Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2015-0235: Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: Glibc). The supported version that is affected is 10.0. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications EAGLE LNP Application Processor accessible data as well as read access to a subset of Oracle Communications EAGLE LNP Application Processor accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications EAGLE LNP Application Processor.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle Retail Applications


This table provides the text form of the Risk Matrix for Oracle Retail Applications.

CVE Identifier: Description
CVE-2016-0434: Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data.

CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0435: Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Retail Point-of-Service accessible data as well as read access to all Oracle Retail Point-of-Service accessible data.

CVSS Base Score 3.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0436: Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data.

CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0437: Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data.

CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0438: Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Mobile POS). Supported versions that are affected are 13.4, 14.0 and 14.1. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data.

CVSS Base Score 1.9 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0496: Vulnerability in the MICROS CWDirect component of Oracle Retail Applications (subcomponent: Order Entry). Supported versions that are affected are 12.5, 13.0, 14.0, 15.0, 16.0 and 17.0 18.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of MICROS CWDirect accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0500: Vulnerability in the Oracle Retail Order Broker Cloud Service component of Oracle Retail Applications (subcomponent: System Administration). Supported versions that are affected are 4.0 and 4.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Order Broker Cloud Service possibly including arbitrary code execution within the Oracle Retail Order Broker Cloud Service.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0506: Vulnerability in the Oracle Retail Order Management System Cloud Service component of Oracle Retail Applications (subcomponent: Order Entry). Supported versions that are affected are 3.5, 4.5, 4.7, 5.0 and 15.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Order Management System Cloud Service accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0522: Vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component of Oracle Retail Applications (subcomponent: Framework). Supported versions that are affected are 3.5, 4.5, 4.7 and 5.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Open Commerce Platform Cloud Service possibly including arbitrary code execution within the Oracle Retail Open Commerce Platform Cloud Service.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle Java SE


This table provides the text form of the Risk Matrix for Oracle Java SE.

CVE Identifier: Description
CVE-2015-7575: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data as well as read access to a subset of Java SE, Java SE Embedded, JRockit accessible data.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-8126: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2016-0402: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0448: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0466: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0475: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data as well as read access to a subset of Java SE, Java SE Embedded, JRockit accessible data.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2016-0483: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65; JRockit: R28.3.8. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2016-0494: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle Sun Systems Products Suite


This table provides the text form of the Risk Matrix for Oracle Sun Systems Products Suite.

CVE Identifier: Description
CVE-2015-1793: Vulnerability in the Oracle Switch ES1-24 component of Oracle Sun Systems Products Suite (subcomponent: Firmware). The supported version that is affected is Versions prior to 1.3.1.13. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Switch ES1-24 accessible data as well as read access to a subset of Oracle Switch ES1-24 accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2015-4920: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NDMP Backup Service). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data.

Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite.

CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-4922: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Boot). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2015-8370: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Grub2). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2016-0403: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Utilities). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via SMB. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite.

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0405: Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster Manageability and Serviceability). Supported versions that are affected are 3.3 and 4. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris Cluster accessible data.

CVSS Base Score 1.7 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0406: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Libc Library). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2016-0414: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2016-0416: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: System Archive Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data.

Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0417: Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.2. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris Cluster accessible data as well as read access to a subset of Solaris Cluster accessible data and ability to cause a partial denial of service (partial DOS) of Solaris Cluster.

CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2016-0418: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data and read access to a subset of Solaris accessible data.

Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite.

CVSS Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:C). (legend) [Advisory]
CVE-2016-0419: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite.

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0426: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite.

CVSS Base Score 3.6 (Confidentiality and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:P). (legend) [Advisory]
CVE-2016-0428: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite.

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0431: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Solaris Kernel Zones). The supported version that is affected is 11. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

Note: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Systems Products Suite.

CVSS Base Score 1.2 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0440: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via NFS. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0458: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel DAX). The supported version that is affected is 11. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0465: Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Resource Group Manager). Supported versions that are affected are 3.3 and 4. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0493: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Cryptography). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory]
CVE-2016-0535: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via RPC. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0618: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 1.4 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:M/C:P/I:N/A:N). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle Virtualization


This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier: Description
CVE-2015-3183: Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: Apache HTTP Server). Supported versions that are affected are 4.63, 4.71 and 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-4000: Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: OpenSSL). Supported versions that are affected are 4.63, 4.71 and 5.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Secure Global Desktop accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2015-5307: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.34 and prior to 5.0.10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2015-7183: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.34 and prior to 5.0.10. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data as well as read access to a subset of Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2015-8104: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.0.36, prior to 4.1.44, prior to 4.2.36, prior to 4.3.34 and prior to 5.0.10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.7 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0495: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.3.36 and prior to 5.0.14. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0501: Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Core). The supported version that is affected is 5.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via WebSocket. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Secure Global Desktop.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0592: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are VirtualBox prior to 4.3.36 and prior to 5.0.14. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0602: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Windows Installer). The supported version that is affected is VirtualBox prior to 5.0.14. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]

 

Text Form of Risk Matrix for Oracle MySQL


This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE Identifier: Description
CVE-2015-7744: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.45 and earlier and 5.6.26 and earlier. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2016-0502: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.31 and earlier and 5.6.11 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0503: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0504: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0505: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2016-0546: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS score is 7.2 if MySQL client is run with admin or root privileges. Otherwise, CVSS score is 4.6 (Confidentiality, Integrity and Availability is Partial+).

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2016-0594: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0595: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0596: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.46 and earlier and 5.6.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0597: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0598: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0599: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). The supported version that is affected is 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0600: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0601: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). The supported version that is affected is 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0605: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: General). Supported versions that are affected are 5.6.26 and earlier. Very difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0606: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2016-0607: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 2.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0608: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0609: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.46 and earlier, 5.6.27 and earlier and 5.7.9. Very difficult to exploit vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 1.7 (Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0610: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.27 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0611: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.27 and earlier and 5.7.9. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2016-0616: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.46 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]