CVE-2018-2719

CVE: CVE-2018-2719
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: financial_services_hedge_management_and_ifrs_valuations
Versions: 8.0.5.0.0,
Description Language: en
Description: Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Hedge Management and IFRS Valuations. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Hedge Management and IFRS Valuations, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Hedge Management and IFRS Valuations accessible data as well as unauthorized read access to a subset of Oracle Financial Services Hedge Management and IFRS Valuations accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102653
http://www.securitytracker.com/id/1040214

CVE-2018-2717

CVE: CVE-2018-2717
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: solaris
Versions: 10.0, 11.3,
Description Language: en
Description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102613
http://www.securitytracker.com/id/1040215

CVE-2018-2716

CVE: CVE-2018-2716
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: financial_services_market_risk_measurement_and_management
Versions: 8.0.5,
Description Language: en
Description: Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Market Risk Measurement and Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Market Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102672
http://www.securitytracker.com/id/1040214

CVE-2018-2715

CVE: CVE-2018-2715
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: business_intelligence
Versions: 12.2.1.2.0, 12.2.1.3.0,
Description Language: en
Description: Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102558
http://www.securitytracker.com/id/1040207

CVE-2018-2714

CVE: CVE-2018-2714
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: financial_services_market_risk
Versions: 8.0.5.0.0,
Description Language: en
Description: Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Market Risk. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Market Risk, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Market Risk accessible data as well as unauthorized read access to a subset of Oracle Financial Services Market Risk accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102666
http://www.securitytracker.com/id/1040214

CVE-2018-2713

CVE: CVE-2018-2713
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: webcenter_portal
Versions: 11.1.1.9.0, 12.2.1.2.0, 12.2.1.3.0,
Description Language: en
Description: Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102550
http://www.securitytracker.com/id/1040207

CVE-2018-2712

CVE: CVE-2018-2712
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: financial_services_loan_loss_forecasting_and_provisioning
Versions: 8.0.5.0.0,
Description Language: en
Description: Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Loan Loss Forecasting and Provisioning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102660
http://www.securitytracker.com/id/1040214

CVE-2018-2711

CVE: CVE-2018-2711
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: jdeveloper
Versions: 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 12.1.3.0.0,
Description Language: en
Description: Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Security Framework). Supported versions that are affected are 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data as well as unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102539
http://www.securitytracker.com/id/1040207

CVE-2018-2710

CVE: CVE-2018-2710
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: solaris
Versions: 10.0,
Description Language: en
Description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102608
http://www.securitytracker.com/id/1040215

CVE-2018-2709

CVE: CVE-2018-2709
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: banking_corporate_lending
Versions: 12.3.0, 12.4.0,
Description Language: en
Description: Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102555
http://www.securitytracker.com/id/1040214

CVE-2018-2708

CVE: CVE-2018-2708
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: banking_payments
Versions: 12.3.0, 12.4.0,
Description Language: en
Description: Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102684
http://www.securitytracker.com/id/1040214

CVE-2018-2707

CVE: CVE-2018-2707
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: banking_corporate_lending
Versions: 12.3.0, 12.4.0,
Description Language: en
Description: Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102551
http://www.securitytracker.com/id/1040214

CVE-2018-2706

CVE: CVE-2018-2706
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: banking_corporate_lending
Versions: 12.3.0, 12.4.0,
Description Language: en
Description: Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102543
http://www.securitytracker.com/id/1040214

CVE-2018-2705

CVE: CVE-2018-2705
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: banking_payments
Versions: 12.3.0, 12.4.0,
Description Language: en
Description: Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in takeover of Oracle Banking Payments. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102561
http://www.securitytracker.com/id/1040214

CVE-2018-2704

CVE: CVE-2018-2704
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: banking_payments
Versions: 12.3.0, 12.4.0,
Description Language: en
Description: Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Payments accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102568
http://www.securitytracker.com/id/1040214

CVE-2018-2703

CVE: CVE-2018-2703
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: mysql
Versions: 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.16, 5.6.17, 5.6.18, 5.6.19, 5.6.20, 5.6.21, 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.6.32, 5.6.33, 5.6.34, 5.6.35, 5.6.36, 5.6.37, 5.6.38, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.9, 5.7.10, 5.7.11, 5.7.12, 5.7.13, 5.7.14, 5.7.15, 5.7.16, 5.7.17, 5.7.18, 5.7.19, 5.7.20,
Description Language: en
Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102704
http://www.securitytracker.com/id/1040216
https://security.netapp.com/advisory/ntap-20180117-0002/

CVE-2018-2702

CVE: CVE-2018-2702
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: peoplesoft_enterprise_scm_strategic_sourcing
Versions: 9.2,
Description Language: en
Description: Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102600
http://www.securitytracker.com/id/1040204

CVE-2018-2701

CVE: CVE-2018-2701
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: hospitality_cruise_fleet_management
Versions: 9.0.4.0,
Description Language: en
Description: Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Fleet Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102554

CVE-2018-2700

CVE: CVE-2018-2700
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: hospitality_cruise_fleet_management
Versions: 9.0.4.0,
Description Language: en
Description: Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102559

CVE-2018-2699

CVE: CVE-2018-2699
Published: 2018-01-18T02:29Z
Vendor: oracle
Products: application_express
Versions: 5.1.4.00.08,
Description Language: en
Description: Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.securityfocus.com/bid/102563
http://www.securitytracker.com/id/1040196