Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices



This document provides the text form of the CPUOct2014 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUOct2014 Advisory

 

This page contains the following text format Risk Matrices:

 

Text Form of Risk Matrix for Oracle Database Server

 


This table provides the text form of the Risk Matrix for Oracle Database Server.

CVE Identifier Description
CVE-2014-0050 Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is All releases prior to 4.2.6. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Application Express.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-2478 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data.

CVSS Base Score 2.6 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4289 Vulnerability in the JDBC component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JDBC accessible data as well as read access to a subset of JDBC accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2014-4290 Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4291 Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4292 Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4293 Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4294 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4295 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4296 Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4297 Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4298 Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4299 Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4300 Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4310 Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6452 Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6453 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6454 Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6455 Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6467 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6477 Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6483 Vulnerability in the Application Express component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. The supported version that is affected is All releases prior to 4.2.6. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Application Express accessible data as well as read access to a subset of Application Express accessible data and ability to cause a partial denial of service (partial DOS) of Application Express.

CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6537 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java VM accessible data as well as read access to a subset of Java VM accessible data and ability to cause a partial denial of service (partial DOS) of Java VM.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6538 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6542 Vulnerability in the SQLJ component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of SQLJ accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6544 Vulnerability in the JDBC component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4 and 12.1.0.1. Very difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some JDBC accessible data as well as read access to a subset of JDBC accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2014-6545 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6546 Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6547 Vulnerability in the JPublisher component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of JPublisher accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6560 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: These vulnerabilities have a CVSS score of 9.0 on Windows and the confidentiality, availability and integrity impacts are Complete. These vulnerabilities have a CVSS score of 6.5 on non-Windows and the confidentiality, availability and integrity impacts are Partial+.

CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6563 Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Fusion Middleware

 


This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE Identifier Description
CVE-2013-1741 Vulnerability in the Oracle OpenSSO component of Oracle Fusion Middleware (subcomponent: Web Agents). Supported versions that are affected are 3.0-04. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized takeover of Oracle OpenSSO possibly including arbitrary code execution within the Oracle OpenSSO.

Note: This fix also addresses CVE-2013-1739,CVE-2013-1740, CVE-2013-5605, CVE-2013-5606,CVE-2014-1490, CVE-2014-1491, CVE-2014-1492.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0050 Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Studio). Supported versions that are affected are 2.2.2, 2.3, 2.4, 3.0 and 3.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio.

Note: This fix also addresses CVE-2013-4286,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-0114 Security-in-Depth issue in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Controllers (Struts based)). Supported versions that are affected are 10.1.3.5, 11.1.1.7, 11.1.2.4, 12.1.2.0 and 12.1.3.0.

Note: Please refer to Doc ID My Oracle Support Note 1926728.1 for instructions on how to address this issue. This fix also addresses CVE-2014-0050.

CVSS Base Score 0.0. CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N). (legend) [Advisory]
CVE-2014-0114 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: OIM Legacy UI (Struts based)). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.1 and 11.1.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Manager accessible data as well as read access to a subset of Oracle Identity Manager accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Identity Manager.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0114 Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Server (Struts based)). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.1 and 11.1.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Adaptive Access Manager accessible data as well as read access to a subset of Oracle Adaptive Access Manager accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Adaptive Access Manager.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0114 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS-Console (Struts based)). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0 and 12.1.3.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle WebLogic Server possibly including arbitrary code execution within the Oracle WebLogic Server.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0114 Vulnerability in the Oracle Enterprise Data Quality component of Oracle Fusion Middleware (subcomponent: Launchpad (Struts based)). Supported versions that are affected are 8.1.2 and 9.0.11. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Enterprise Data Quality accessible data as well as read access to a subset of Oracle Enterprise Data Quality accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Data Quality.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0119 Vulnerability in the Oracle Enterprise Data Quality component of Oracle Fusion Middleware (subcomponent: Internal Operations). Supported versions that are affected are 8.1.2 and 9.0.11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Data Quality accessible data.

Note: This fix also addresses CVE-2013-4286,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033,CVE-2014-0050,CVE-2014-0075,CVE-2014-0095,CVE-2014-0096.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-0224 Vulnerability in the Oracle Endeca Information Discovery Studio component of Oracle Fusion Middleware (subcomponent: Studio). The supported version that is affected is 3.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Endeca Information Discovery Studio accessible data as well as read access to a subset of Oracle Endeca Information Discovery Studio accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Endeca Information Discovery Studio.

Note: This fix also addresses CVE-2014-3470,CVE-2010-5298,CVE-2014-0221,CVE-2014-0195,CVE-2014-0198.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-2880 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: User Management). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.1 and 11.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Manager accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6462 Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Admin Console). Supported versions that are affected are 11.1.2.1 and 11.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6487 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: End User Self Service). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.1 and 11.1.2.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Identity Manager accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6499 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WebLogic Tuxedo Connector). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0 and 12.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data as well as read access to a subset of Oracle WebLogic Server accessible data and ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server.

Note: Please refer to Doc ID My Oracle Support Note 1930466.1 for instructions on how to address this issue.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6522 Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7, 11.1.2.4, 12.1.2.0 and 12.1.3.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle JDeveloper accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6534 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Console). Supported versions that are affected are 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0 and 12.1.3.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle WebLogic Server accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6552 Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Admin Console). Supported versions that are affected are 11.1.1.5, 11.1.1.7, 11.1.2.1 and 11.1.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6553 Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Admin Console). Supported versions that are affected are 11.1.1.5 and 11.1.1.7. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data as well as read access to a subset of Oracle Access Manager accessible data.

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2014-6554 Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Admin Console). Supported versions that are affected are 11.1.2.1 and 11.1.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data as well as read access to a subset of Oracle Access Manager accessible data.

CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Enterprise Manager Grid Control

 


This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.

CVE Identifier Description
CVE-2014-6488 Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4 EM Plugin for DB: 12.1.0.4, 12.1.0.5 and 12.1.0.6. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Oracle Database accessible data.

CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6557 Vulnerability in the Application Performance Management component of Oracle Enterprise Manager Grid Control (subcomponent: End User Experience Management). The supported version that is affected is All releases prior to 12.1.0.6.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Application Performance Management accessible data as well as read access to a subset of Application Performance Management accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle E-Business Suite

 


This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

CVE Identifier Description
CVE-2014-4278 Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.0.6, 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Applications Technology Stack possibly including arbitrary code execution within the Oracle Applications Technology Stack.

Note: This is an Oracle E-Business Suite specific fix in Oracle Fusion Middleware.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-4281 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Portal Integration). Supported versions that are affected are 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-4285 Vulnerability in the Oracle Applications Technology component of Oracle E-Business Suite (subcomponent: Reports Configuration). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Technology accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6471 Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Diagnostics). Supported versions that are affected are 12.0.6, 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Manager accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6472 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: LOV). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6479 Vulnerability in the Oracle Applications Technology component of Oracle E-Business Suite (subcomponent: OC4J Configuration). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6523 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: REST Interface). Supported versions that are affected are 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data.

CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6539 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: LOV). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6550 Vulnerability in the Oracle Applications Object Library component of Oracle E-Business Suite (subcomponent: iHelp). The supported version that is affected is 11.5.10.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Object Library accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6561 Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: Separate Remittance Advice ). Supported versions that are affected are 12.0.4, 12.0.6, 12.1.1,12.1.2, 12.1.3, 12.2.2, 12.2.3 and 12.2.4. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Payments accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Supply Chain Products Suite

 


This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.

CVE Identifier Description
CVE-2014-6461 Vulnerability in the Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Roles & Privileges). The supported version that is affected is 9.3.1.2. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Agile PLM accessible data as well as read access to all Agile PLM accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2014-6498 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4 and 6.3.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6533 Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.1 and 6.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Transportation Management accessible data as well as read access to a subset of Oracle Transportation Management accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6536 Vulnerability in the Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). The supported version that is affected is 9.3.3. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Agile PLM accessible data.

CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6543 Vulnerability in the Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: ITEM (Item & BOM)). The supported version that is affected is 9.3.3. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Agile PLM accessible data as well as read access to a subset of Agile PLM accessible data.

CVSS Base Score 3.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:N). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle PeopleSoft Products

 


This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.

CVE Identifier Description
CVE-2014-6460 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: QUERY). Supported versions that are affected are 8.52, 8.53 and 8.54. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all PeopleSoft Enterprise PeopleTools accessible data as well as read access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 4.9 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N). (legend) [Advisory]
CVE-2014-6475 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.52, 8.53 and 8.54. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6482 Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.53 and 8.54. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PT PeopleTools accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6486 Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Talent Acquisition Manager - Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTPS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data.

CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6535 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: SECURITY). Supported versions that are affected are 8.52, 8.53 and 8.54. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise PeopleTools accessible data as well as read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle JD Edwards Products

 


This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.

CVE Identifier Description
CVE-2014-6516 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Installation SEC). The supported version that is affected is 8.98. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized takeover of JD Edwards EnterpriseOne Tools possibly including arbitrary code execution within the JD Edwards EnterpriseOne Tools.

CVSS Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Communications Applications

 


This table provides the text form of the Risk Matrix for Oracle Communications Applications.

CVE Identifier Description
CVE-2014-0114 Vulnerability in the Oracle Communications MetaSolv Solution component of Oracle Communications Applications (subcomponent: Infrastructure, LSR, ASR (Struts based)). Supported versions that are affected are MetaSolv Solution: 6.2.1.0.0, LSR: 9.4.0, 10.1.0 and ASR: 49.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Communications MetaSolv Solution accessible data as well as read access to a subset of Oracle Communications MetaSolv Solution accessible data and ability to cause a partial denial of service (partial DOS) of Oracle Communications MetaSolv Solution.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6465 Vulnerability in the Oracle Communications Session Border Controller component of Oracle Communications Applications (subcomponent: Lawful Intercept ). The supported version that is affected is SCX640m5. Difficult to exploit vulnerability allows successful authenticated network attacks via TCP/TLS. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 6.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:C). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Retail Applications

 


This table provides the text form of the Risk Matrix for Oracle Retail Applications.

CVE Identifier Description
CVE-2014-0114 Vulnerability in the Oracle Retail Allocation component of Oracle Retail Applications (subcomponent: General application (Struts based)). Supported versions that are affected are 10.0, 11.0, 12.0, 13.0, 13.1 and 13.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Allocation possibly including arbitrary code execution within the Oracle Retail Allocation.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0114 Vulnerability in the Oracle Retail Invoice Matching component of Oracle Retail Applications (subcomponent: General application (Struts based)). Supported versions that are affected are 11.0, 12.0, 12.0 IN, 12.1, 13.0, 13.1, 13.2 and 14.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Invoice Matching possibly including arbitrary code execution within the Oracle Retail Invoice Matching.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0114 Vulnerability in the Oracle Retail Markdown Optimization component of Oracle Retail Applications (subcomponent: General application (Struts based)). Supported versions that are affected are 12.0, 13.0, 13.1, 13.2 and 13.4. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Markdown Optimization possibly including arbitrary code execution within the Oracle Retail Markdown Optimization.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0114 Vulnerability in the Oracle Retail Clearance Optimization Engine component of Oracle Retail Applications (subcomponent: General application (Struts based)). Supported versions that are affected are 13.3, 13.4 and 14.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of Oracle Retail Clearance Optimization Engine possibly including arbitrary code execution within the Oracle Retail Clearance Optimization Engine.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Health Sciences Applications

 


This table provides the text form of the Risk Matrix for Oracle Health Sciences Applications.

CVE Identifier Description
CVE-2014-0050 Vulnerability in the Oracle Health Sciences Empirica Signal component of Oracle Health Sciences Applications (subcomponent: Tomcat, FileUpload). Supported versions that are affected are 7.3.3.3 and prior. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences Empirica Signal.

Note: This fix also addresses CVE-2013-4286, CVE-2013-4322, CVE-2013-4590 and CVE-2014-0033.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-0050 Vulnerability in the Oracle Health Sciences Empirica Study component of Oracle Health Sciences Applications (subcomponent: Tomcat, FileUpload). Supported versions that are affected are 3.1.2.0 and prior. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences Empirica Study.

Note: This fix also addresses CVE-2013-4286, CVE-2013-4322, CVE-2013-4590 and CVE-2014-0033.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-0050 Vulnerability in the Oracle Health Sciences Empirica Inspections component of Oracle Health Sciences Applications (subcomponent: Tomcat, FileUpload). Supported versions that are affected are 1.0.1.0 and prior. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences Empirica Inspections.

Note: This fix also addresses CVE-2013-4286, CVE-2013-4322, CVE-2013-4590 and CVE-2014-0033.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Primavera Products Suite

 


This table provides the text form of the Risk Matrix for Oracle Primavera Products Suite.

CVE Identifier Description
CVE-2014-0114 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Struts based)). Supported versions that are affected are 7.0, 8.0, 8.1, 8.2 and 8.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Primavera P6 Enterprise Project Portfolio Management accessible data as well as read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-0114 Vulnerability in the Primavera Contract Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Struts based)). Supported versions that are affected are 13.1 and 14.0. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Primavera Contract Management accessible data as well as read access to a subset of Primavera Contract Management accessible data and ability to cause a partial denial of service (partial DOS) of Primavera Contract Management.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Java SE

 


This table provides the text form of the Risk Matrix for Oracle Java SE.

CVE Identifier Description
CVE-2014-4288 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6456 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u67 and Java SE 8u20. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6457 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20, Java SE Embedded 7u60, JRockit R27.8.3 and JRockit R28.3.3. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data as well as read access to a subset of Java SE, Java SE Embedded, JRockit accessible data.

Note: Applies to client and server deployment of JSSE.

CVSS Base Score 4.0 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N). (legend) [Advisory]
CVE-2014-6458 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6466 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java on Internet Explorer only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6468Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Hotspot). The supported version that is affected is Java SE 8u20. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client and server deployment of Java. This vulnerability requires local access to the victim environment in order to plant the affected jar file. Once the affected jar file was planted, this vulnerability can be triggered through sandboxed Java Web Start applications, sandboxed Java applets, and launching the affected application locally. It can also be triggered by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 6.9 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C). (legend) [Vendor Information]
CVE-2014-6476 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u67 and Java SE 8u20. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6485 Vulnerability in the Java SE, JavaFX component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 8u20 and JavaFX 2.2.65. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6492 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java on Firefox only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6493 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6502 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20 and Java SE Embedded 7u60. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6503 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6504 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67 and Java SE Embedded 7u60. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6506 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20 and Java SE Embedded 7u60. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data as well as read access to a subset of Java SE, Java SE Embedded accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6511 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67 and Java SE 8u20. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6512 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20, Java SE Embedded 7u60, JRockit R27.8.3 and JRockit R28.3.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6513 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE 6u81, Java SE 7u67, Java SE 8u20 and Java SE Embedded 7u60. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6515 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6517 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE 6u81, Java SE 7u67, Java SE 8u20, Java SE Embedded 7u60, JRockit R27.8.3 and JRockit R28.3.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6519 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE 7u67, Java SE 8u20 and Java SE Embedded 7u60. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6527 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 7u67 and Java SE 8u20. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6531 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20 and Java SE Embedded 7u60. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6532 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE 6u81, Java SE 7u67 and Java SE 8u20. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6558 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE 5.0u71, Java SE 6u81, Java SE 7u67, Java SE 8u20, Java SE Embedded 7u60, JRockit R27.8.3 and JRockit R28.3.3. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded, JRockit accessible data.

Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6562 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE 8u20. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Sun Systems Products Suite

 


This table provides the text form of the Risk Matrix for Oracle Sun Systems Products Suite.

CVE Identifier Description
CVE-2014-0224 Vulnerability in the Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S servers component of Oracle Sun Systems Products Suite (subcomponent: XCP). The supported version that is affected is XCP prior to XCP2221. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S servers accessible data as well as read access to a subset of Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S servers accessible data and ability to cause a partial denial of service (partial DOS) of Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S servers.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-4275 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB server kernel module). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2014-4276 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Internet File System(CIFS)). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via CIFS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-4277 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automated Install Engine). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4280 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IPS transfer module). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 4.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-4282 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel/X86). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-4283 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automated Install Engine). The supported version that is affected is 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-4284 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IPS transfer module). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 4.4 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6470 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Archive Utility). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6473 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone Framework). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies only when Solaris is running on SPARC platform.

CVSS Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2014-6490 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB server user component). The supported version that is affected is 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via SMB. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6497 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 4.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2014-6501 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SSH). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6508 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: iSCSI Data Mover(IDM)). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 7.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C). (legend) [Advisory]
CVE-2014-6529 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Hermon HCA PCIe driver). The supported version that is affected is 11. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via None, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:A/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle Virtualization

 


This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier Description
CVE-2014-2472 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-2473 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv) and SGD SSL Daemon (ttassl)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-2474 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-2475 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv)). Supported versions that are affected are 4.63, 4.71, 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-2476 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6459 Vulnerability in the Oracle Secure Global Desktop component of Oracle Virtualization (subcomponent: SGD Proxy Server (ttaauxserv)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6540 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Graphics driver (WDDM) for Windows guests). Supported versions that are affected are VirtualBox prior to 4.1.34, 4.2.26 and 4.3.14. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox.

CVSS Base Score 1.9 (Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]

 

 

 

 

Text Form of Risk Matrix for Oracle MySQL

 


This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE Identifier Description
CVE-2012-5615 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:PRIVILEGES AUTHENTICATION PLUGIN API). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-0224 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:OpenSSL). Supported versions that are affected are 5.6.19 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data as well as read access to a subset of MySQL Server accessible data and ability to cause a partial denial of service (partial DOS) of MySQL Server.

Note: This fix also addresses CVE-2010-5298,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-3470.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-4274 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:MyISAM). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server.

CVSS Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-4287 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:CHARACTER SETS). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6463 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:REPLICATION ROW FORMAT BINARY LOG DML). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful network attacks via multiple protocols, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:M/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6464 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:INNODB DML FOREIGN KEYS). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6469 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:OPTIMIZER). Supported versions that are affected are 5.5.39 and eariler and 5.6.20 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS).

CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory]
CVE-2014-6474 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:MEMCACHED). Supported versions that are affected are 5.6.19 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via Memcached. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6478 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data.

CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory]
CVE-2014-6484 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:DML). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6489 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SP). Supported versions that are affected are 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as update, insert or delete access to some MySQL Server accessible data.

CVSS Base Score 5.5 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:P). (legend) [Advisory]
CVE-2014-6491 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6494 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6495 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6496 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6500 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6505 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:MEMORY STORAGE ENGINE). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6507 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:DML). Supported versions that are affected are 5.5.39 and eariler and 5.6.20 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to all MySQL Server accessible data and read access to all MySQL Server accessible data.

CVSS Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:C). (legend) [Advisory]
CVE-2014-6520 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:DDL). Supported versions that are affected are 5.5.38 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]
CVE-2014-6530 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:MYSQLDUMP). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6551 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:MYSQLADMIN). Supported versions that are affected are 5.5.38 and earlier and 5.6.19 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6555 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:DML). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server.

CVSS Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P). (legend) [Advisory]
CVE-2014-6559 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]
CVE-2014-6564 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:INNODB FULLTEXT SEARCH DML). Supported versions that are affected are 5.6.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory]