Affected Products and Versions | Patch Availability Document |
---|---|
Category Management Planning & Optimization, version 15.0.3 | Retail Applications |
Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0 | Retail Applications |
Enterprise Manager Base Platform, versions 12.1.0.5, 13.3.0.0, 13.4.0.0 | Enterprise Manager |
Enterprise Manager for Fusion Middleware, version 12.1.0.5 | Enterprise Manager |
Enterprise Manager Ops Center, version 12.4.0.0 | Enterprise Manager |
GoldenGate Stream Analytics, versions prior to 19.1.0.0.1 | Database |
Hyperion Financial Close Management, version 11.1.2.4 | Fusion Middleware |
Instantis EnterpriseTrack, versions 17.1-17.3 | Oracle Construction and Engineering Suite |
JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.4.2 | JD Edwards |
JD Edwards EnterpriseOne Tools, versions prior to 9.2.3.3, prior to 9.2.4.2 | JD Edwards |
MySQL Client, versions 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior | MySQL |
MySQL Cluster, versions 7.3.29 and prior, 7.4.28 and prior, 7.5.18 and prior, 7.6.14 and prior, 8.0.20 and prior | MySQL |
MySQL Connectors, versions 8.0.20 and prior | MySQL |
MySQL Enterprise Monitor, versions 4.0.12 and prior, 8.0.20 and prior | MySQL |
MySQL Server, versions 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior | MySQL |
Oracle Agile Engineering Data Management, version 6.2.1.0 | Oracle Supply Chain Products |
Oracle Application Express, versions 5.1-19.2 | Database |
Oracle Application Testing Suite, versions 13.2.0.1, 13.3.0.1 | Enterprise Manager |
Oracle AutoVue, version 21.0 | Oracle Supply Chain Products |
Oracle Banking Enterprise Collections, versions 2.7.0-2.9.0 | Oracle Banking Platform |
Oracle Banking Payments, versions 14.1.0-14.4.0 | Oracle Financial Services Applications |
Oracle Banking Platform, versions 2.4.0-2.10.0 | Oracle Banking Platform |
Oracle Berkeley DB, versions prior to 6.1.38, prior to 18.1.40 | Berkeley DB |
Oracle BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 11.0, 11.1, 11.2, prior to 11.3.1 | Oracle Commerce |
Oracle Commerce Platform, versions 11.1, 11.2, prior to 11.3.1 | Oracle Commerce |
Oracle Commerce Service Center, versions 11.1, 11.2, prior to 11.3.1 | Oracle Commerce |
Oracle Communications Analytics, version 12.1.1 | Oracle Communications Analytics |
Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.3.0 | Oracle Communications Billing and Revenue Management |
Oracle Communications BRM - Elastic Charging Engine, versions 11.3, 12.0 | Oracle Communications BRM - Elastic Charging Engine |
Oracle Communications Contacts Server, version 8.0.0.4.0 | Oracle Communications Contacts Server |
Oracle Communications Convergence, versions 3.0.1.0-3.0.2.1 | Oracle Communications Convergence |
Oracle Communications Diameter Signaling Router (DSR), versions 8.0-8.4 | Oracle Communications Diameter Signaling Router |
Oracle Communications Element Manager, versions 8.1.1, 8.2.0, 8.2.1 | Oracle Communications Element Manager |
Oracle Communications Evolved Communications Application Server, version 7.1 | Oracle Communications Evolved Communications Application Server |
Oracle Communications Instant Messaging Server, version 10.0.1.4.0 | Oracle Communications Instant Messaging Server |
Oracle Communications Interactive Session Recorder, versions 6.1-6.4 | Oracle Communications Interactive Session Recorder |
Oracle Communications IP Service Activator, versions 7.3.0, 7.4.0 | Oracle Communications IP Service Activator |
Oracle Communications LSMS, versions 13.0-13.3 | Oracle Communications LSMS |
Oracle Communications Messaging Server, versions 8.0.2, 8.1.0 | Oracle Communications Messaging Server |
Oracle Communications MetaSolv Solution, version 6.3.0 | Oracle Communications MetaSolv Solution |
Oracle Communications Network Charging and Control, versions 6.0.1, 12.0.0-12.0.3 | Oracle Communications Network Charging and Control |
Oracle Communications Network Integrity, versions 7.3.2-7.3.6 | Oracle Communications Network Integrity |
Oracle Communications Operations Monitor, versions 3.4, 4.1-4.3 | Oracle Communications Operations Monitor |
Oracle Communications Order and Service Management, versions 7.3, 7.4 | Oracle Communications Order and Service Management |
Oracle Communications Services Gatekeeper, versions 6.0, 6.1, 7.0 | Oracle Communications Services Gatekeeper |
Oracle Communications Session Border Controller, versions 8.1.0, 8.2.0, 8.3.0 | Oracle Communications Session Border Controller |
Oracle Communications Session Report Manager, versions 8.1.1, 8.2.0, 8.2.1 | Oracle Communications Session Report Manager |
Oracle Communications Session Route Manager, versions 8.1.1, 8.2.0, 8.2.1 | Oracle Communications Session Route Manager |
Oracle Configuration Manager, version 12.1.2.0.6 | Enterprise Manager |
Oracle Configurator, versions 12.1, 12.2 | Oracle Supply Chain Products |
Oracle Data Masking and Subsetting, versions 13.3.0.0, 13.4.0.0 | Enterprise Manager |
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, [Spatial Studio] prior to 19.2.1 | Database |
Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.9 | E-Business Suite |
Oracle Endeca Information Discovery Studio, version 3.2.0 | Fusion Middleware |
Oracle Enterprise Communications Broker, versions 3.0.0-3.2.0 | Oracle Enterprise Communications Broker |
Oracle Enterprise Repository, version 11.1.1.7.0 | Fusion Middleware |
Oracle Enterprise Session Border Controller, versions 8.1.0, 8.2.0, 8.3.0 | Oracle Enterprise Session Border Controller |
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0 | Oracle Financial Services Analytical Applications Infrastructure |
Oracle Financial Services Compliance Regulatory Reporting, versions 8.0.6-8.0.8 | Oracle Financial Services Compliance Regulatory Reporting |
Oracle Financial Services Lending and Leasing, versions 12.5.0, 14.1.0-14.8.0 | Oracle Financial Services Applications |
Oracle Financial Services Liquidity Risk Management, version 8.0.6 | Oracle Financial Services Liquidity Risk Management |
Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.6-8.0.8 | Oracle Financial Services Loan Loss Forecasting and Provisioning |
Oracle Financial Services Market Risk Measurement and Management, versions 8.0.6, 8.0.8 | Oracle Financial Services Market Risk Measurement and Management |
Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank, version 8.0.4 | Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank |
Oracle FLEXCUBE Investor Servicing, versions 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0 | Oracle Financial Services Applications |
Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0 | Oracle Financial Services Applications |
Oracle Fusion Middleware MapViewer, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Global Lifecycle Management/OPatch, versions prior to 12.2.0.1.20 | Global Lifecycle Management |
Oracle GoldenGate, versions prior to 19.1.0.0.0 | Database |
Oracle GraalVM Enterprise Edition, versions 19.3.2, 20.1.0 | Oracle GraalVM Enterprise Edition |
Oracle Health Sciences Empirica Inspections, version 1.0.1.2 | Health Sciences |
Oracle Health Sciences Empirica Signal, version 7.3.3 | Health Sciences |
Oracle Healthcare Master Person Index, version 4.0.2 | Health Sciences |
Oracle Healthcare Translational Research, versions 3.2.1, 3.3.1, 3.3.2, 3.4.0 | Health Sciences |
Oracle Help Technologies, versions 11.1.1.9.0, 12.2.1.3.0 | Fusion Middleware |
Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1 | Oracle Hospitality Guest Access |
Oracle Hospitality Reporting and Analytics, version 9.1.0 | Oracle Hospitality Reporting and Analytics |
Oracle Hyperion BI+, version 11.1.2.4 | Fusion Middleware |
Oracle iLearning, versions 6.1, 6.1.1 | iLearning |
Oracle Insurance Accounting Analyzer, versions 8.0.6-8.0.9 | Oracle Insurance Accounting Analyzer |
Oracle Insurance Data Gateway, version 1.0 | Oracle Insurance Applications |
Oracle Insurance Policy Administration J2EE, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0 | Oracle Insurance Applications |
Oracle Insurance Rules Palette, versions 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0 | Oracle Insurance Applications |
Oracle Java SE, versions 7u261, 8u251, 11.0.7, 14.0.1 | Java SE |
Oracle Java SE Embedded, version 8u251 | Java SE |
Oracle Outside In Technology, versions 8.5.4, 8.5.5 | Fusion Middleware |
Oracle Rapid Planning, versions 12.1, 12.2 | Oracle Supply Chain Products |
Oracle Real User Experience Insight, version 13.3.1.0 | Enterprise Manager |
Oracle Retail Assortment Planning, versions 15.0, 15.0.3, 16.0, 16.0.3 | Retail Applications |
Oracle Retail Bulk Data Integration, versions 15.0, 16.0 | Retail Applications |
Oracle Retail Customer Management and Segmentation Foundation, version 18.0 | Retail Applications |
Oracle Retail Data Extractor for Merchandising, versions 1.9, 1.10, 18.0 | Retail Applications |
Oracle Retail Extract Transform and Load, version 19.0 | Retail Applications |
Oracle Retail Financial Integration, versions 15.0, 16.0 | Retail Applications |
Oracle Retail Fusion Platform, version 5.5 | Retail Applications |
Oracle Retail Integration Bus, versions 15.0, 15.0.3, 16.0, 16.0.3 | Retail Applications |
Oracle Retail Invoice Matching, version 16.0 | Retail Applications |
Oracle Retail Item Planning, version 15.0.3 | Retail Applications |
Oracle Retail Macro Space Optimization, version 15.0.3 | Retail Applications |
Oracle Retail Merchandise Financial Planning, version 15.0.3 | Retail Applications |
Oracle Retail Merchandising System, versions 15.0.3, 16.0.2, 16.0.3 | Retail Applications |
Oracle Retail Order Broker, version 15.0 | Retail Applications |
Oracle Retail Predictive Application Server, versions 14.0.3, 14.1.3, 15.0.3, 16.0.3 | Retail Applications |
Oracle Retail Regular Price Optimization, versions 15.0.3, 16.0.3 | Retail Applications |
Oracle Retail Replenishment Optimization, version 15.0.3 | Retail Applications |
Oracle Retail Sales Audit, version 14.1 | Retail Applications |
Oracle Retail Service Backbone, versions 14.1, 15.0, 16.0 | Retail Applications |
Oracle Retail Size Profile Optimization, version 15.0.3 | Retail Applications |
Oracle Retail Store Inventory Management, versions 14.0.4, 14.1.3, 15.0.3, 16.0.3 | Retail Applications |
Oracle Retail Xstore Point of Service, versions 7.1, 15.0, 16.0, 17.0, 18.0, 19.0 | Retail Applications |
Oracle SD-WAN Aware, versions 8.0, 8.1, 8.2 | Oracle SD-WAN Aware |
Oracle SD-WAN Edge, versions 8.0, 8.1, 8.2, 9.0 | Oracle SD-WAN Edge |
Oracle Security Service, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Solaris, version 11 | Systems |
Oracle TimesTen In-Memory Database, versions prior to 18.1.2.1.0 | Database |
Oracle Transportation Management, versions 6.3.7, 6.4.3 | Oracle Supply Chain Products |
Oracle Unified Directory, versions 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle Utilities Framework, versions 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0 | Oracle Utilities Applications |
Oracle VM VirtualBox, versions prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | Virtualization |
Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0 | Fusion Middleware |
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Fusion Middleware |
Oracle ZFS Storage Appliance Kit, version 8.8 | Systems |
PeopleSoft Enterprise FIN Expenses, version 9.2 | PeopleSoft |
PeopleSoft Enterprise HCM Global Payroll Switzerland, version 9.2 | PeopleSoft |
PeopleSoft Enterprise HRMS, version 9.2 | PeopleSoft |
PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58 | PeopleSoft |
Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.7, 18.8.0-18.8.9, 19.12.0-19.12.4 | Oracle Construction and Engineering Suite |
Primavera P6 Enterprise Project Portfolio Management, versions 16.1.0.0-16.2.20.1, 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19, 19.12.0-19.12.6 | Oracle Construction and Engineering Suite |
Primavera Portfolio Management, versions 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0 | Oracle Construction and Engineering Suite |
Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12, [Mobile App] prior to 20.6 | Oracle Construction and Engineering Suite |
Siebel Applications, versions 2.20.5 and prior, 20.6 and prior | Siebel |

Date | Note |
---|---|
2020-December-1 | Rev 8. Updated CVSS score of CVE-2020-14564. |
2020-August-31 | Rev 7. Credit Statement Update. |
2020-August-3 | Rev 6. Credit Statement Update. |
2020-July-27 | Rev 5. Credit Statement Update. |
2020-July-24 | Rev 4. Affected version number changes to CVE-2020-14701 & CVE-2020-14606 |
| | Rev 3. Added entry for CVE-2020-14725 in MySQL Risk Matrix. The fix was included in patches already released but was inadvertently not documented. |
2020-July-20 | Rev 2. Credit Statement Update. |
2020-July-14 | Rev 1. Initial Release. |

CVE# | Component | Package and/or Privilege Required | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2016-1000031 | MapViewer (Apache Commons FileUpload) | Valid User Account | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 12.2.0.1, 18c, 19c | See Note 1 |
CVE-2020-2968 | Java VM | Create Session, Create Procedure | Multiple | No | 8.0 | Network | High | Low | Required | Changed | High | High | High | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | |
CVE-2016-9843 | Core RDBMS (zlib) | Create Session | Oracle Net | No | 7.2 | Network | Low | High | None | Unchanged | High | High | High | 18c | |
CVE-2020-2969 | Data Pump | DBA role account | Oracle Net | No | 6.6 | Network | High | High | None | Unchanged | High | High | High | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | |
CVE-2020-8112 | GeoRaster (OpenJPEG) | Create Session | Oracle Net | No | 5.7 | Network | Low | Low | Required | Unchanged | None | None | High | 18c | |
CVE-2020-2513 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2971 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2972 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2973 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2974 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2976 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2020-2975 | Oracle Application Express | SQL Workshop | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 5.1-19.2 | |
CVE-2019-17569 | Workload Manager (Apache Tomcat) | None | HTTP | Yes | 4.8 | Network | High | None | None | Unchanged | Low | Low | None | 12.2.0.1, 18c, 19c | |
CVE-2020-2977 | Oracle Application Express | Valid User Account | HTTP | No | 4.6 | Network | Low | Low | Required | Unchanged | Low | Low | None | 5.1-19.2 | |
CVE-2020-2978 | Oracle Database - Enterprise Edition | DBA role account | Oracle Net | No | 4.1 | Network | Low | High | None | Changed | None | Low | None | 12.1.0.2, 12.2.0.1, 18c, 19c | |
CVE-2019-13990 | MapViewer (Terracotta Quartz Scheduler, Apache Batik, Google Guava) | Local Logon | None | No | 0.0 | Local | Low | Low | Required | Unchanged | None | None | None | 12.2.0.1, 18c, 19c | See Note 2 |
CVE-2018-18314 | Oracle Database (Perl) | Local Logon | None | No | 0.0 | Local | High | High | None | Unchanged | None | None | None | 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c | See Note 3 |
CVE-2019-10086 | Spatial Studio (Apache Commons Beanutils) | Local Logon | None | No | 0.0 | Local | Low | Low | None | Unchanged | None | None | None | Spatial Studio: Prior to 19.2.1 | See Note 4 |
CVE-2019-16943 | TFA (jackson-databind) | Local Logon | None | No | 0.0 | Local | High | High | None | Unchanged | None | None | None | 12.2.0.1, 18c, 19c | See Note 5 |

CVE# | Component | Package and/or Privilege Required | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2017-10140 | Data Store | None | None | No | 7.3 | Local | Low | Low | Required | Unchanged | High | High | High | Prior to 6.1.38 | |
CVE-2020-2981 | Data Store | None | None | No | 7.0 | Local | High | None | Required | Unchanged | High | High | High | Prior to 18.1.40 | |
CVE-2019-8457 | Data Store (SQLite) | None | TCP | No | 0.0 | Network | Low | None | Required | Unchanged | None | None | None | Prior to 18.1.40 | See Note 1 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-9546 | Oracle Global Lifecycle Management/OPatch | Patch Installer (jackson-databind) | None | No | 0.0 | Local | Low | Low | None | Unchanged | None | None | None | Prior to 12.2.0.1.20 | See Note 1 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-14705 | Oracle GoldenGate | Process Management | TCP | Yes | 9.6 | Adjacent Network | Low | None | None | Changed | High | High | High | Prior to 19.1.0.0.0 | |
CVE-2019-0222 | GoldenGate Stream Analytics | Security (ActiveMQ) | TCP | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | Prior to 19.1.0.0.1 | |
CVE-2019-14379 | GoldenGate Stream Analytics | Security / Application Adapters (jackson-databind, SLF4J, ZooKeeper, Apache Spark) | None | No | 0.0 | Local | Low | Low | None | Unchanged | None | None | None | Prior to 19.1.0.0.1 | See Note 1 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2018-18314 | Oracle TimesTen In-Memory Database | Doc, EM Plug-in (Perl) | OracleNet | No | 0.0 | Network | Low | Low | None | Unchanged | None | None | None | Prior to 18.1.2.1.0 | See Note 1 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-14536 | Oracle Commerce Guided Search / Oracle Commerce Experience Manager | Workbench | HTTP | Yes | 7.4 | Network | High | None | None | Unchanged | High | High | None | 11.0, 11.1, 11.2, prior to 11.3.1 | |
CVE-2020-14535 | Oracle Commerce Service Center | Commerce Service Center | HTTP | Yes | 7.4 | Network | High | None | None | Unchanged | High | High | None | 11.1, 11.2, prior to 11.3.1 | |
CVE-2020-14532 | Oracle Commerce Platform | Dynamo Application Framework | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | None | Low | None | 11.1, 11.2, prior to 11.3.1 | |
CVE-2020-14533 | Oracle Commerce Platform | Dynamo Application Framework | HTTP | No | 3.5 | Network | Low | High | Required | Unchanged | Low | Low | None | 11.1, 11.2, prior to 11.3.1 | |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-14701 | Oracle SD-WAN Aware | User Interface | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0, 8.1, 8.2 | |
CVE-2020-14606 | Oracle SD-WAN Edge | User Interface | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0, 8.1, 8.2, 9.0 | |
CVE-2018-11058 | Oracle Communications Analytics | Platform (RSA BSAFE) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.1.1 | |
CVE-2019-16943 | Oracle Communications Billing and Revenue Management | Business Operation Center, Billing Care (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 7.5.0.23.0, 12.0.0.3.0 | |
CVE-2016-1000031 | Oracle Communications Contacts Server | Core (Apache Commons FileUpload) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 8.0.0.4.0 | |
CVE-2020-9546 | Oracle Communications Contacts Server | Core (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 8.0.0.4.0 | |
CVE-2020-1938 | Oracle Communications Element Manager | Core (Apache Tomcat) | Apache JServ Protocol (AJP) | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-9546 | Oracle Communications Evolved Communications Application Server | Session Design Center, Universal Data Recorder (jackson-databind) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 7.1 | |
CVE-2020-1938 | Oracle Communications Instant Messaging Server | Installation (Apache Tomcat) | Apache JServ Protocol (AJP) | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 10.0.1.4.0 | |
CVE-2020-9546 | Oracle Communications Instant Messaging Server | Presence API (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 10.0.1.4.0 | |
CVE-2019-13990 | Oracle Communications IP Service Activator | Network Processor Configuration Management (Terracotta Quartz Scheduler) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 7.3.0, 7.4.0 | |
CVE-2020-11656 | Oracle Communications Network Charging and Control | Data Access Pack (SQLite) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 6.0.1, 12.0.0-12.0.3 | |
CVE-2019-2729 | Oracle Communications Network Integrity | Integration (Oracle WebLogic Server) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 7.3.2-7.3.6 | |
CVE-2019-2904 | Oracle Communications Network Integrity | User Interface (Application Development Framework) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 7.3.2-7.3.6 | |
CVE-2017-5645 | Oracle Communications Network Integrity | Cartridge Management (Log4j) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 7.3.2-7.3.6 | |
CVE-2020-7060 | Oracle Communications Diameter Signaling Router (DSR) | Platform (PHP) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | None | High | 8.0-8.4 | |
CVE-2020-1945 | Oracle Communications MetaSolv Solution | Online Help (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 6.3.0 | |
CVE-2018-1258 | Oracle Communications Network Integrity | Core (Spring Framework) | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 7.3.2-7.3.6 | |
CVE-2020-9546 | Oracle Communications Network Charging and Control | Installer (jackson-databind) | None | No | 8.4 | Local | Low | None | None | Unchanged | High | High | High | 6.0.1, 12.0.0-12.0.3 | |
CVE-2020-14580 | Oracle Communications Session Border Controller | System Admin | SSH | No | 8.2 | Network | Low | Low | Required | Changed | High | Low | Low | 8.1.0, 8.2.0, 8.3.0 | |
CVE-2016-1181 | Oracle Communications Network Integrity | MSS Integration Cartridge (Apache Struts 1) | HTTP | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 7.3.2-7.3.6 | |
CVE-2017-0861 | Oracle Communications LSMS | Kernel | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 13.0-13.3 | |
CVE-2020-1945 | Oracle Communications Order and Service Management | Installer (Apache Ant) | None | No | 7.7 | Local | Low | None | None | Unchanged | High | High | None | 7.3, 7.4 | |
CVE-2020-5398 | Oracle Communications BRM - Elastic Charging Engine | Orchestration (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 11.3, 12.0 | |
CVE-2019-17359 | Oracle Communications Convergence | S/MIME Configuration (Bouncy Castle Java Library) | HTTPS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 3.0.1.0-3.0.2.1 | |
CVE-2020-5398 | Oracle Communications Element Manager | Core (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2019-0227 | Oracle Communications Network Integrity | Adapters (Apache Axis) | HTTP | Yes | 7.5 | Adjacent Network | High | None | None | Unchanged | High | High | High | 7.3.5, 7.3.6 | |
CVE-2019-16056 | Oracle Communications Operations Monitor | VSP implementing webserver (Python) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 3.4, 4.1-4.3 | |
CVE-2019-0227 | Oracle Communications Order and Service Management | Installer, CMWS, CMT (Apache Axis) | HTTP | Yes | 7.5 | Adjacent Network | High | None | None | Unchanged | High | High | High | 7.3, 7.4 | |
CVE-2020-5398 | Oracle Communications Session Report Manager | Core (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-5398 | Oracle Communications Session Route Manager | Core (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-14630 | Oracle Enterprise Session Border Controller | File Upload | HTTP | No | 7.5 | Network | Low | High | Required | Changed | Low | Low | High | 8.1.0, 8.2.0, 8.3.0 | |
CVE-2019-10193 | Oracle Communications Operations Monitor | FDP, VSP Login, Packet Inspector (Redis) | HTTP | No | 7.2 | Network | Low | High | None | Unchanged | High | High | High | 3.4, 4.1 | |
CVE-2019-12423 | Oracle Communications Element Manager | REST API (Apache CXF) | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | High | None | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2019-12423 | Oracle Communications Session Report Manager | REST API (Apache CXF) | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | High | None | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2019-12423 | Oracle Communications Session Route Manager | REST API (Apache CXF) | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | High | None | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-14721 | Oracle Enterprise Communications Broker | WebGUI | HTTP | No | 6.3 | Network | Low | Low | None | Unchanged | Low | Low | Low | 3.0.0-3.2.0 | |
CVE-2020-11022 | Oracle Communications Analytics | Platform (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 12.1.1 | |
CVE-2020-11022 | Oracle Communications Element Manager | User Interface (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-1941 | Oracle Communications Element Manager | Workorders (Apache ActiveMQ) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-11022 | Oracle Communications Interactive Session Recorder | Dashboard (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 6.1-6.4 | |
CVE-2019-17091 | Oracle Communications Network Integrity | Core (Eclipse Mojarra) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 7.3.5, 7.3.6 | |
CVE-2020-11022 | Oracle Communications Operations Monitor | Mediation Engine, Dashboard, Graphs, Calls (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 3.4, 4.1-4.3 | |
CVE-2020-11022 | Oracle Communications Session Report Manager | User Interface (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-1941 | Oracle Communications Session Report Manager | Workorders (Apache ActiveMQ) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-11022 | Oracle Communications Session Route Manager | User Interface (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-1941 | Oracle Communications Session Route Manager | Workorders (Apache ActiveMQ) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-14563 | Oracle Enterprise Communications Broker | WebGUI | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 3.0.0-3.2.0 | |
CVE-2020-14722 | Oracle Enterprise Communications Broker | WebGUI | HTTP | Yes | 5.8 | Network | High | None | Required | Changed | Low | Low | Low | 3.0.0-3.2.0 | |
CVE-2018-3639 | Oracle Communications LSMS | Kernel | None | No | 5.5 | Local | Low | Low | None | Unchanged | High | None | None | 13.0-13.3 | |
CVE-2020-1951 | Oracle Communications Messaging Server | Security (Apache Tika) | None | No | 5.5 | Local | Low | None | Required | Unchanged | None | None | High | 8.0.2, 8.1.0 | |
CVE-2019-10247 | Oracle Communications Analytics | Platform (Eclipse Jetty) | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 12.1.1 | |
CVE-2020-1934 | Oracle Communications Element Manager | Core (Apache HTTP Server) | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2019-10247 | Oracle Communications Services Gatekeeper | Platform Test Environment (Eclipse Jetty) | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 6.0, 6.1, 7.0 | |
CVE-2020-1934 | Oracle Communications Session Report Manager | Core (Apache HTTP Server) | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-1934 | Oracle Communications Session Route Manager | Core (Apache HTTP Server) | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 8.1.1, 8.2.0, 8.2.1 | |
CVE-2020-14574 | Oracle Communications Interactive Session Recorder | FACE | None | No | 4.7 | Local | High | High | None | Unchanged | High | Low | None | 6.1-6.4 | |
CVE-2020-9488 | Oracle Communications Instant Messaging Server | Installation (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 10.0.1.4.0 | |
CVE-2020-9488 | Oracle Communications Interactive Session Recorder | API, FACE, Archiver (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 6.1-6.4 | |
CVE-2020-9488 | Oracle Communications Network Charging and Control | Notification Gateway (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 6.0.1, 12.0.0-12.0.3 | |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2017-5645 | Primavera Gateway | Admin (Apache Ant) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 16.2.0-16.2.11, 17.12.0-17.12.7 | |
CVE-2020-10683 | Primavera P6 Enterprise Project Portfolio Management | Web Access (dom4j) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 16.1.0.0-16.2.20.1, 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19, 19.12.0-19.12.6 | |
CVE-2020-9546 | Primavera Unifier | Platform (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 16.1, 16.2, 17.7-17.12, 18.8, 19.12 | |
CVE-2020-1945 | Primavera Unifier | Core (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 16.1, 16.2, 17.7-17.12, 18.8, 19.12 | |
CVE-2018-17196 | Primavera P6 Enterprise Project Portfolio Management | Web Access (kafka client) | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 19.12.0-19.12.6 | |
CVE-2020-9484 | Instantis EnterpriseTrack | Core (Apache Tomcat) | None | No | 7.0 | Local | High | Low | None | Unchanged | High | High | High | 17.1-17.3 | |
CVE-2020-11022 | Primavera Gateway | Admin (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 16.2.0-16.2.11, 17.12.0-17.12.7, 18.8.0-18.8.9, 19.12.0-19.12.4 | |
CVE-2020-2562 | Primavera Portfolio Management | Investor Module | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0 | |
CVE-2020-14528 | Primavera Portfolio Management | Web Access | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0 | |
CVE-2020-14706 | Primavera P6 Enterprise Project Portfolio Management | Web Access | HTTP | Yes | 5.9 | Network | High | None | Required | Unchanged | High | Low | None | 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19, 19.12.0-19.12.5 | |
CVE-2020-14527 | Primavera Portfolio Management | Web Access | HTTP | Yes | 5.9 | Network | High | None | Required | Unchanged | High | Low | None | 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0 | |
CVE-2020-14549 | Primavera Portfolio Management | Web Server | HTTPS | Yes | 5.9 | Network | High | None | Required | Unchanged | High | Low | None | 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0 | |
CVE-2020-14618 | Primavera Unifier | Mobile App | HTTPS | Yes | 5.9 | Network | High | None | Required | Unchanged | High | Low | None | Prior to 20.6 | |
CVE-2020-14617 | Primavera Unifier | Platform, Mobile App | HTTPS | No | 5.7 | Network | Low | Low | Required | Unchanged | High | None | None | 16.1, 16.2, 17.7-17.12, 18.8, 19.12; Mobile App: Prior to 20.6 | |
CVE-2020-14653 | Primavera P6 Enterprise Project Portfolio Management | Web Access | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | Low | Low | None | 16.1.0.0-16.2.20.1, 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.18.2 | |
CVE-2020-14529 | Primavera Portfolio Management | Investor Module | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0 | |
CVE-2020-1934 | Instantis EnterpriseTrack | Core (Apache HTTP Server) | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 17.1-17.3 | |
CVE-2020-14566 | Primavera Portfolio Management | Web Access | HTTP | Yes | 4.3 | Network | Low | None | Required | Unchanged | None | Low | None | 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0, 19.0.0.0 | |
CVE-2020-9488 | Instantis EnterpriseTrack | Logging (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 17.1-17.3 | |
CVE-2020-9488 | Primavera Gateway | Admin (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 16.2.0-16.2.11, 17.12.0-17.12.7, 18.8.0-18.8.9, 19.12.0-19.12.4 | |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-14598 | Oracle CRM Gateway for Mobile Devices | Setup of Mobile Applications | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 12.1.1-12.1.3 | |
CVE-2020-14599 | Oracle CRM Gateway for Mobile Devices | Setup of Mobile Applications | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 12.1.1-12.1.3 | |
CVE-2020-14658 | Oracle Marketing | Marketing Administration | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 12.1.1-12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14665 | Oracle Trade Management | Invoice | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 12.1.1-12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14670 | Oracle Advanced Outbound Telephony | Settings | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.1-12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14671 | Oracle Advanced Outbound Telephony | User Interface | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.1-12.1.3 | |
CVE-2020-14534 | Oracle Applications Framework | Popups | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.2.9 | |
CVE-2020-14688 | Oracle Common Applications | CRM User Management Framework | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14660 | Oracle CRM Technical Foundation | Preferences | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14682 | Oracle Depot Repair | Estimate and Actual Charges | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.1-12.1.3 | |
CVE-2020-14668 | Oracle E-Business Intelligence | DBI Setups | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.1-12.1.3 | |
CVE-2020-14681 | Oracle E-Business Intelligence | DBI Setups | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.1-12.1.3 | |
CVE-2020-14666 | Oracle Email Center | Message Display | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.1-12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14596 | Oracle iStore | Address Book | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.1-12.1.3 | |
CVE-2020-14582 | Oracle iStore | User Registration | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.1-12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14686 | Oracle iSupport | Others | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1.1-12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14719 | Oracle Internet Expenses | Mobile Expenses Admin Utilities | HTTP | No | 7.7 | Network | Low | Low | None | Changed | None | High | None | 12.2.4-12.2.9 | |
CVE-2020-14720 | Oracle Internet Expenses | Mobile Expenses Admin Utilities | HTTP | No | 7.7 | Network | Low | Low | None | Changed | High | None | None | 12.2.4-12.2.9 | |
CVE-2020-14610 | Oracle Applications Framework | Attachments / File Upload | HTTP | No | 7.6 | Network | Low | Low | Required | Changed | High | Low | None | 12.2.9 | |
CVE-2020-14657 | Oracle CRM Technical Foundation | Preferences | HTTP | No | 7.6 | Network | Low | Low | Required | Changed | High | Low | None | 12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14667 | Oracle CRM Technical Foundation | Preferences | HTTP | No | 7.6 | Network | Low | Low | Required | Changed | High | Low | None | 12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14679 | Oracle CRM Technical Foundation | Preferences | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14635 | Oracle Application Object Library | Logging | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 12.2.5-12.2.9 | |
CVE-2020-14554 | Oracle Application Object Library | Diagnostics | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | None | Low | None | 12.1.3, 12.2.3-12.2.8 | |
CVE-2020-14716 | Oracle Common Applications | CRM User Management Framework | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | None | Low | None | 12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14717 | Oracle Common Applications | CRM User Management Framework | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | None | Low | None | 12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14659 | Oracle CRM Technical Foundation | Preferences | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | None | Low | None | 12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14661 | Oracle CRM Technical Foundation | Preferences | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | None | Low | None | 12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14555 | Oracle Marketing | Marketing Administration | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | None | Low | None | 12.1.1-12.1.3, 12.2.3-12.2.9 | |
CVE-2020-14590 | Oracle Applications Framework | Page Request | HTTP | No | 2.7 | Network | Low | High | None | Unchanged | Low | None | None | 12.1.3, 12.2.3-12.2.9 | |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-9546 | Enterprise Manager Base Platform | Enterprise Manager Install (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 13.3.0.0, 13.4.0.0 | |
CVE-2017-5645 | Oracle Application Testing Suite | Load Testing for Web Apps (Log4j) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 13.3.0.1 | |
CVE-2020-1945 | Enterprise Manager Ops Center | Networking (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 12.4.0.0 | |
CVE-2019-0227 | Enterprise Manager for Fusion Middleware | Coherence Management (Apache Axis) | HTTP | Yes | 8.8 | Adjacent Network | Low | None | None | Unchanged | High | High | High | 12.1.0.5 | |
CVE-2018-11776 | Enterprise Manager Base Platform | Reporting Framework (Apache Struts 2) | HTTP | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 13.3.0.0, 13.4.0.0 | |
CVE-2019-0227 | Enterprise Manager Base Platform | Application Service Level Mgmt (Apache Axis) | HTTP | Yes | 7.5 | Adjacent Network | High | None | None | Unchanged | High | High | High | 12.1.0.5, 13.3.0.0 | |
CVE-2020-7595 | Oracle Real User Experience Insight | APM Mesh (libxml2) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 13.3.1.0 | |
CVE-2020-2982 | Enterprise Manager Base Platform | Enterprise Config Management | HTTP | No | 7.1 | Network | Low | Low | None | Unchanged | High | Low | None | 13.3.0.0, 13.4.0.0 | |
CVE-2020-2984 | Oracle Configuration Manager | Discovery and collection script | HTTP | No | 7.1 | Network | Low | Low | None | Unchanged | High | Low | None | 12.1.2.0.6 | |
CVE-2020-2983 | Oracle Data Masking and Subsetting | Data Masking | HTTP | No | 7.1 | Network | Low | Low | None | Unchanged | High | Low | None | 13.3.0.0, 13.4.0.0 | |
CVE-2019-17091 | Oracle Application Testing Suite | Load Testing for Web Apps (Eclipse Mojarra) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 13.2.0.1, 13.3.0.1 | |
CVE-2019-12415 | Enterprise Manager Base Platform | Application Service Level Mgmt (Apache POI) | None | No | 5.5 | Local | Low | Low | None | Unchanged | High | None | None | 12.1.0.5, 13.3.0.0, 13.4.0.0 | |
CVE-2020-1934 | Enterprise Manager Ops Center | Networking (Apache HTTP Server) | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 12.4.0.0 | |
CVE-2019-1551 | Enterprise Manager Ops Center | Networking (OpenSSL) | HTTPS | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 12.4.0.0 | |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2019-13990 | Oracle Banking Payments | Core (Terracotta Quartz Scheduler) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 14.1.0-14.4.0 | |
CVE-2020-9546 | Oracle Banking Platform | Framework (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 2.4.0-2.9.0 | |
CVE-2019-2904 | Oracle Financial Services Lending and Leasing | Core (Application Development Framework) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.5.0, 14.1.0-14.2.0 | |
CVE-2017-5645 | Oracle Financial Services Lending and Leasing | Core (Log4j) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.5.0, 14.1.0-14.8.0 | |
CVE-2017-15708 | Oracle Financial Services Market Risk Measurement and Management | User Interface (Apache Synapse) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 8.0.6, 8.0.8 | |
CVE-2019-13990 | Oracle FLEXCUBE Investor Servicing | Infrastructure (Terracotta Quartz Scheduler) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0 | |
CVE-2019-13990 | Oracle FLEXCUBE Private Banking | Core (Terracotta Quartz Scheduler) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.0.0, 12.1.0 | |
CVE-2019-11358 | Oracle Insurance Accounting Analyzer | User Interface (jQuery) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 8.0.6-8.0.8 | |
CVE-2020-1945 | Oracle Financial Services Analytical Applications Infrastructure | Infrastructure (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 8.0.6-8.1.0 | |
CVE-2020-1945 | Oracle FLEXCUBE Investor Servicing | Infrastructure (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0 | |
CVE-2020-1945 | Oracle FLEXCUBE Private Banking | Utilities (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 12.0.0, 12.1.0 | |
CVE-2020-14569 | Oracle FLEXCUBE Investor Servicing | Infrastructure | HTTP | No | 8.1 | Network | Low | Low | None | Unchanged | High | High | None | 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0 | |
CVE-2020-1945 | Oracle Banking Enterprise Collections | Installer (Apache Ant) | None | No | 7.7 | Local | Low | None | None | Unchanged | High | High | None | 2.7.0-2.9.0 | |
CVE-2020-1945 | Oracle Banking Platform | Installer (Apache Ant) | None | No | 7.7 | Local | Low | None | None | Unchanged | High | High | None | 2.4.0-2.9.0 | |
CVE-2019-0227 | Oracle Financial Services Compliance Regulatory Reporting | Web Service to Regulatory Report (Apache Axis) | HTTP | Yes | 7.5 | Adjacent Network | High | None | None | Unchanged | High | High | High | 8.0.6-8.0.8 | |
CVE-2019-12402 | Oracle FLEXCUBE Investor Servicing | Infrastructure (Apache Commons Compress) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0 | |
CVE-2019-12423 | Oracle FLEXCUBE Private Banking | Core (Apache CXF) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 12.0.0, 12.1.0 | |
CVE-2019-0188 | Oracle FLEXCUBE Private Banking | Core (Apache Camel) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 12.0.0, 12.1.0 | |
CVE-2019-17359 | Oracle FLEXCUBE Private Banking | Core (Bouncy Castle Java Library) | TLS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 12.0.0, 12.1.0 | |
CVE-2020-14602 | Oracle Financial Services Analytical Applications Infrastructure | Infrastructure | HTTP | No | 7.1 | Network | Low | Low | None | Unchanged | Low | High | None | 8.0.6-8.1.0 | |
CVE-2020-14691 | Oracle Financial Services Liquidity Risk Management | User Interface | HTTP | No | 7.1 | Network | Low | Low | None | Unchanged | Low | High | None | 8.0.6 | |
CVE-2020-14605 | Oracle Financial Services Analytical Applications Infrastructure | Infrastructure | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | None | High | None | 8.0.6-8.1.0 | |
CVE-2020-14685 | Oracle Financial Services Analytical Applications Infrastructure | Infrastructure | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | None | High | None | 8.0.6-8.1.0 | |
CVE-2020-14692 | Oracle Financial Services Loan Loss Forecasting and Provisioning | User Interface | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | None | High | None | 8.0.6-8.0.8 | |
CVE-2020-14693 | Oracle Insurance Accounting Analyzer | User Interface | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | None | High | None | 8.0.6-8.0.9 | |
CVE-2020-14662 | Oracle Financial Services Analytical Applications Infrastructure | Infrastructure | HTTP | No | 6.3 | Network | Low | Low | None | Unchanged | Low | Low | Low | 8.0.6-8.1.0 | |
CVE-2020-11022 | Oracle Banking Enterprise Collections | User Interface (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 2.7.0-2.8.0 | |
CVE-2020-11022 | Oracle Banking Platform | User Interface (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 2.4.0-2.10.0 | |
CVE-2020-14601 | Oracle Financial Services Analytical Applications Infrastructure | Infrastructure | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.0.6-8.1.0 | |
CVE-2020-14615 | Oracle Financial Services Analytical Applications Infrastructure | Infrastructure | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.0.6-8.1.0 | |
CVE-2020-11022 | Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank | User Interface (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.0.4 | |
CVE-2019-12415 | Oracle Banking Payments | Core (Apache POI) | None | No | 5.5 | Local | Low | Low | None | Unchanged | High | None | None | 14.1.0-14.4.0 | |
CVE-2019-12415 | Oracle FLEXCUBE Private Banking | Core (Apache POI) | None | No | 5.5 | Local | Low | Low | None | Unchanged | High | None | None | 12.0.0, 12.1.0 | |
CVE-2020-14603 | Oracle Financial Services Analytical Applications Infrastructure | Infrastructure | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 8.0.6-8.1.0 | |
CVE-2020-14604 | Oracle Financial Services Analytical Applications Infrastructure | Infrastructure | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 8.0.6-8.1.0 | |
CVE-2020-14684 | Oracle Financial Services Analytical Applications Infrastructure | Infrastructure | HTTP | Yes | 4.3 | Network | Low | None | Required | Unchanged | None | Low | None | 8.0.6-8.1.0 | |
CVE-2020-9488 | Oracle Banking Platform | Collections (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 2.4.0-2.10.0 | |
CVE-2020-9488 | Oracle FLEXCUBE Investor Servicing | Infrastructure (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0 | |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-14543 | Oracle Hospitality Reporting and Analytics | Installation | None | No | 7.3 | Local | Low | Low | Required | Unchanged | High | High | High | 9.1.0 | |
CVE-2020-14561 | Oracle Hospitality Reporting and Analytics | Installation | None | No | 7.3 | Local | Low | Low | Required | Unchanged | High | High | High | 9.1.0 | |
CVE-2020-14594 | Oracle Hospitality Reporting and Analytics | Inventory Integration | None | No | 6.5 | Local | Low | High | Required | Unchanged | High | High | High | 9.1.0 | |
CVE-2020-14616 | Oracle Hospitality Reporting and Analytics | Reporting | HTTP | No | 2.7 | Network | Low | High | None | Unchanged | Low | None | None | 9.1.0 | |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS VERSION 3.1 RISK (see Risk Matrix Definitions): Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2017-5645 | Oracle Endeca Information Discovery Studio | Studio (Apache Ant) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 3.2.0 | |
CVE-2019-17531 | Oracle WebCenter Portal | Security Framework (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-9546 | Oracle WebLogic Server | Centralized Thirdparty Jars (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2018-11058 | Oracle WebLogic Server | Security Service (RSA BSAFE) | HTTPS | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14625 | Oracle WebLogic Server | Core | IIOP, T3 | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-14644 | Oracle WebLogic Server | Core | IIOP, T3 | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-14645 | Oracle WebLogic Server | Core | IIOP, T3 | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-14687 | Oracle WebLogic Server | Core | IIOP, T3 | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2017-5645 | Oracle WebLogic Server | Centralized Thirdparty Jars (Log4j) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2017-5645 | Oracle WebLogic Server | Console (Log4j) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-1945 | Oracle Endeca Information Discovery Studio | Studio (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 3.2.0 | |
CVE-2020-1945 | Oracle Enterprise Repository | Security Subsystem (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 11.1.1.7.0 | |
CVE-2020-8112 | Oracle Outside In Technology | Installation (OpenJPEG) | HTTP | Yes | 8.8 | Network | Low | None | Required | Unchanged | High | High | High | 8.5.5, 8.5.4 | See Note 1 |
CVE-2020-14609 | Oracle Business Intelligence Enterprise Edition | Analytics Web Answers | HTTP | Yes | 8.6 | Network | Low | None | None | Unchanged | High | Low | Low | 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14611 | Oracle WebCenter Portal | Composer | HTTP | Yes | 8.6 | Network | Low | None | None | Unchanged | Low | High | Low | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14584 | Oracle BI Publisher | BI Publisher Security | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14585 | Oracle BI Publisher | Mobile Service | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14690 | Oracle Business Intelligence Enterprise Edition | Analytics Actions | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14608 | Oracle Fusion Middleware MapViewer | Tile Server | HTTP | Yes | 8.2 | Network | Low | None | None | Unchanged | Low | High | None | 12.2.1.3.0 | |
CVE-2020-14723 | Oracle Help Technologies | Web UIX | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 11.1.1.9.0, 12.2.1.3.0 | |
CVE-2020-14588 | Oracle WebLogic Server | Web Container | HTTP | Yes | 8.2 | Network | Low | None | None | Unchanged | Low | High | None | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-14626 | Oracle Business Intelligence Enterprise Edition | Analytics Web General | HTTP | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14565 | Oracle Unified Directory | Security | HTTP | No | 8.1 | Network | Low | High | Required | Changed | None | High | High | 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2019-17359 | Oracle Business Process Management Suite | Runtime Engine (Bouncy Castle Java Library) | HTTPS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14642 | Oracle Coherence | CacheStore | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2019-0227 | Oracle WebCenter Portal | WebCenter Spaces Application (Apache Axis) | HTTP | Yes | 7.5 | Adjacent Network | High | None | None | Unchanged | High | High | High | 12.2.1.3.0 | |
CVE-2020-14639 | Oracle WebLogic Server | Sample apps | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-5398 | Oracle WebLogic Server | Sample apps (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14589 | Oracle WebLogic Server | Web Container | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-2967 | Oracle WebLogic Server | Web Services | IIOP, T3 | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-14696 | Oracle BI Publisher | Layout Templates | HTTP | Yes | 7.2 | Network | Low | None | None | Changed | Low | Low | None | 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14571 | Oracle BI Publisher | Mobile Service | HTTP | Yes | 7.2 | Network | Low | None | None | Changed | Low | Low | None | 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14570 | Oracle BI Publisher | Mobile Service | HTTP | Yes | 7.1 | Network | Low | None | Required | Unchanged | High | Low | None | 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14552 | Oracle WebCenter Portal | Security Framework | HTTP | No | 6.8 | Network | Low | Low | Required | Changed | High | None | None | 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14557 | Oracle WebLogic Server | Web Container | HTTP | Yes | 6.8 | Network | High | None | Required | Unchanged | High | High | None | 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-14655 | Oracle Security Service | SSL API | HTTPS | Yes | 6.5 | Network | High | None | None | Unchanged | High | Low | None | 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14652 | Oracle WebLogic Server | Core | HTTP | Yes | 6.5 | Network | Low | None | None | Unchanged | Low | Low | None | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2019-14862 | Oracle Business Intelligence Enterprise Edition | BI Platform Security (Knockout) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-1941 | Oracle Enterprise Repository | Security Subsystem (Apache ActiveMQ) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 11.1.1.7.0 | |
CVE-2020-14607 | Oracle Fusion Middleware MapViewer | Tile Server | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14613 | Oracle WebCenter Sites | Advanced User Interface | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14572 | Oracle WebLogic Server | Console | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14636 | Oracle WebLogic Server | Sample apps | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-14637 | Oracle WebLogic Server | Sample apps | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-14638 | Oracle WebLogic Server | Sample apps | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-14640 | Oracle WebLogic Server | Sample apps | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-14530 | Oracle Security Service | None | HTTPS | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 11.1.1.9.0 | |
CVE-2019-12415 | Oracle WebCenter Portal | Security Framework (Apache POI) | None | No | 5.5 | Local | Low | Low | None | Unchanged | High | None | None | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-2966 | Oracle WebLogic Server | Console | HTTP | Yes | 5.4 | Network | Low | None | Required | Unchanged | Low | Low | None | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14622 | Oracle WebLogic Server | Core | HTTP | No | 4.9 | Network | Low | High | None | Unchanged | High | None | None | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | |
CVE-2020-9488 | Oracle Fusion Middleware MapViewer | Install (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 12.2.1.3.0, 12.2.1.4.0 | |
CVE-2020-14548 | Oracle Business Intelligence Enterprise Edition | Analytics Web General | HTTP | Yes | 3.4 | Network | High | None | Required | Changed | Low | None | None | 12.2.1.3.0, 12.2.1.4.0 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2019-17560 | Oracle GraalVM Enterprise Edition | GraalVM Compiler (Apache NetBeans) | HTTPS | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 19.3.2, 20.1.0 | |
CVE-2020-14583 | Oracle GraalVM Enterprise Edition | Java | Multiple | Yes | 8.3 | Network | High | None | Required | Changed | High | High | High | 19.3.2, 20.1.0 | |
CVE-2020-11080 | Oracle GraalVM Enterprise Edition | JavaScript (Node.js) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 19.3.2, 20.1.0 | |
CVE-2020-14718 | Oracle GraalVM Enterprise Edition | JVMCI | Multiple | No | 7.2 | Network | Low | High | None | Unchanged | High | High | High | 19.3.2, 20.1.0 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-1938 | Oracle Health Sciences Empirica Inspections | Web server (Apache Tomcat) | Apache JServ Protocol (AJP) | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 1.0.1.2 | |
CVE-2020-1938 | Oracle Health Sciences Empirica Signal | Web server (Apache Tomcat) | Apache JServ Protocol (AJP) | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 7.3.3 | |
CVE-2020-5398 | Oracle Healthcare Master Person Index | Master Data Management (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 4.0.2 | |
CVE-2020-11022 | Oracle Healthcare Translational Research | Cohort Explorer (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 3.2.1, 3.3.1, 3.3.2, 3.4.0 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-1938 | Oracle Hospitality Guest Access | Base (Apache Tomcat) | Apache JServ Protocol (AJP) | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 4.2.0, 4.2.1 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-14546 | Hyperion Financial Close Management | Close Manager | HTTP | No | 4.2 | Network | High | High | Required | Unchanged | None | High | None | 11.1.2.4 | |
CVE-2020-14560 | Oracle Hyperion BI+ | UI and Visualization | HTTP | No | 4.2 | Network | High | High | Required | Unchanged | High | None | None | 11.1.2.4 | |
CVE-2020-14541 | Hyperion Financial Close Management | Close Manager | HTTP | No | 2.0 | Network | High | High | Required | Unchanged | None | Low | None | 11.1.2.4 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-14595 | Oracle iLearning | Assessment Manager | HTTP | Yes | 8.2 | Network | Low | None | None | Unchanged | High | None | Low | 6.1, 6.1.1 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2017-12626 | Oracle Insurance Policy Administration J2EE | Architecture (Apache POI) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.0, 10.2.4 | |
CVE-2020-5398 | Oracle Insurance Policy Administration J2EE | Architecture (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0 | |
CVE-2020-5398 | Oracle Insurance Rules Palette | Architecture (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0 | |
CVE-2019-12415 | Oracle Insurance Policy Administration J2EE | Architecture (Apache POI) | None | No | 5.5 | Local | Low | Low | None | Unchanged | High | None | None | 11.0.2, 11.1.0, 11.2.0 | |
CVE-2019-12415 | Oracle Insurance Rules Palette | Architecture (Apache POI) | None | No | 5.5 | Local | Low | Low | None | Unchanged | High | None | None | 10.2.0, 10.2.4, 11.0.2, 11.1.0, 11.2.0 | |
CVE-2020-9488 | Oracle Insurance Data Gateway | Security (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 1.0 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-14664 | Java SE | JavaFX | Multiple | Yes | 8.3 | Network | High | None | Required | Changed | High | High | High | Java SE: 8u251 | See Note 1 |
CVE-2020-14583 | Java SE, Java SE Embedded | Libraries | Multiple | Yes | 8.3 | Network | High | None | Required | Changed | High | High | High | Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 | See Note 1 |
CVE-2020-14593 | Java SE, Java SE Embedded | 2D | Multiple | Yes | 7.4 | Network | Low | None | Required | Changed | None | High | None | Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 | See Note 1 |
CVE-2020-14562 | Java SE | ImageIO | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | Java SE: 11.0.7, 14.0.1 | See Note 1 |
CVE-2020-14621 | Java SE, Java SE Embedded | JAXP | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | Low | None | Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 | See Note 2 |
CVE-2020-14556 | Java SE, Java SE Embedded | Libraries | Multiple | Yes | 4.8 | Network | High | None | None | Unchanged | Low | Low | None | Java SE: 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 | See Note 3 |
CVE-2020-14573 | Java SE | Hotspot | Multiple | Yes | 3.7 | Network | High | None | None | Unchanged | None | Low | None | Java SE: 11.0.7, 14.0.1 | See Note 3 |
CVE-2020-14581 | Java SE, Java SE Embedded | 2D | Multiple | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | Java SE: 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 | See Note 3 |
CVE-2020-14578 | Java SE, Java SE Embedded | Libraries | Multiple | Yes | 3.7 | Network | High | None | None | Unchanged | None | None | Low | Java SE: 7u261, 8u251; Java SE Embedded: 8u251 | See Note 3 |
CVE-2020-14579 | Java SE, Java SE Embedded | Libraries | Multiple | Yes | 3.7 | Network | High | None | None | Unchanged | None | None | Low | Java SE: 7u261, 8u251; Java SE Embedded: 8u251 | See Note 3 |
CVE-2020-14577 | Java SE, Java SE Embedded | JSSE | TLS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251 | See Note 3 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-9546 | JD Edwards EnterpriseOne Orchestrator | E1 IOT Orchestrator Security (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | Prior to 9.2.4.2 | |
CVE-2020-9546 | JD Edwards EnterpriseOne Tools | EnterpriseOne Mobility Sec (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | Prior to 9.2.4.2 | |
CVE-2020-9546 | JD Edwards EnterpriseOne Tools | Monitoring and Diagnostics (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | Prior to 9.2.4.2 | |
CVE-2020-9546 | JD Edwards EnterpriseOne Tools | Web Runtime (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | Prior to 9.2.4.2 | |
CVE-2020-9488 | JD Edwards EnterpriseOne Tools | Installation SEC (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | Prior to 9.2.3.3 | |
CVE-2020-9488 | JD Edwards EnterpriseOne Tools | Monitoring and Diagnostics (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | Prior to 9.2.3.3 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-1938 | MySQL Enterprise Monitor | Monitoring: General (Apache Tomcat) | Apache JServ Protocol (AJP) | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 4.0.12 and prior, 8.0.20 and prior | |
CVE-2020-1967 | MySQL Connectors | Connector/C++ (OpenSSL) | TLS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-1967 | MySQL Connectors | Connector/ODBC (OpenSSL) | TLS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-5398 | MySQL Enterprise Monitor | Monitoring: General (Spring Framework) | HTTPS | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 4.0.12 and prior, 8.0.20 and prior | |
CVE-2020-1967 | MySQL Server | Server: Security: Encryption (OpenSSL) | MySQL Protocol | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior | |
CVE-2020-14663 | MySQL Server | Server: Security: Privileges | MySQL Protocol | No | 7.2 | Network | Low | High | None | Unchanged | High | High | High | 8.0.20 and prior | |
CVE-2020-14678 | MySQL Server | Server: Security: Privileges | MySQL Protocol | No | 7.2 | Network | Low | High | None | Unchanged | High | High | High | 8.0.20 and prior | |
CVE-2020-14697 | MySQL Server | Server: Security: Privileges | MySQL Protocol | No | 7.2 | Network | Low | High | None | Unchanged | High | High | High | 8.0.20 and prior | |
CVE-2020-14591 | MySQL Server | Server: Audit Plug-in | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14539 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior | |
CVE-2020-14680 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14619 | MySQL Server | Server: Parser | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14576 | MySQL Server | Server: UDF | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.7.30 and prior, 8.0.20 and prior | |
CVE-2020-14643 | MySQL Server | Server: Security: Roles | MySQL Protocol | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 8.0.20 and prior | |
CVE-2020-14651 | MySQL Server | Server: Security: Roles | MySQL Protocol | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 8.0.20 and prior | |
CVE-2020-14550 | MySQL Client | C API | MySQL Protocol | No | 5.3 | Network | High | Low | None | Unchanged | None | None | High | 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior | |
CVE-2019-1551 | MySQL Enterprise Monitor | Monitoring: General (OpenSSL) | HTTPS | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 4.0.12 and prior, 8.0.20 and prior | |
CVE-2020-14568 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14623 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14540 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.30 and prior, 8.0.20 and prior | |
CVE-2020-14575 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14620 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14624 | MySQL Server | Server: JSON | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14656 | MySQL Server | Server: Locking | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14547 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.30 and prior, 8.0.20 and prior | |
CVE-2020-14597 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14614 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14654 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14725 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14632 | MySQL Server | Server: Options | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14567 | MySQL Server | Server: Replication | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.29 and prior, 8.0.19 and prior | |
CVE-2020-14631 | MySQL Server | Server: Security: Audit | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14586 | MySQL Server | Server: Security: Privileges | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14702 | MySQL Server | Server: Security: Privileges | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.20 and prior | |
CVE-2020-14641 | MySQL Server | Server: Security: Roles | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | High | None | None | 8.0.20 and prior | |
CVE-2020-14559 | MySQL Server | Server: Information Schema | MySQL Protocol | No | 4.3 | Network | Low | Low | None | Unchanged | Low | None | None | 5.6.48 and prior, 5.7.30 and prior, 8.0.20 and prior | |
CVE-2020-14553 | MySQL Server | Server: Pluggable Auth | MySQL Protocol | No | 4.3 | Network | Low | Low | None | Unchanged | None | Low | None | 5.7.30 and prior, 8.0.20 and prior | |
CVE-2020-14633 | MySQL Server | InnoDB | MySQL Protocol | No | 2.7 | Network | Low | High | None | Unchanged | None | Low | None | 8.0.20 and prior | |
CVE-2020-14634 | MySQL Server | InnoDB | MySQL Protocol | No | 2.7 | Network | Low | High | None | Unchanged | Low | None | None | 8.0.20 and prior | |
CVE-2020-5258 | MySQL Cluster | Cluster: Packaging (dojo) | Multiple | No | 0.0 | Network | Low | Low | Required | Unchanged | None | None | None | 7.3.29 and prior, 7.4.28 and prior, 7.5.18 and prior, 7.6.14 and prior, 8.0.20 and prior | See Note 1 |
CVE-2020-1967 | MySQL Enterprise Monitor | Monitoring: General (OpenSSL) | HTTPS | No | 0.0 | Network | Low | None | None | Unchanged | None | None | None | 4.0.12 and prior, 8.0.20 and prior | See Note 2 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2019-17359 | PeopleSoft Enterprise HCM Global Payroll Switzerland | Global Payroll for Switzerland (Bouncy Castle Java Library) | HTTPS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 9.2 | |
CVE-2019-16056 | PeopleSoft Enterprise PeopleTools | Porting (Python) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 8.57, 8.58 | |
CVE-2019-11358 | PeopleSoft Enterprise FIN Expenses | Expenses (jQuery) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 9.2 | |
CVE-2020-14627 | PeopleSoft Enterprise PeopleTools | Query | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.56, 8.57, 8.58 | |
CVE-2020-14592 | PeopleSoft Enterprise PeopleTools | Rich Text Editor | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 8.56, 8.57, 8.58 | |
CVE-2020-14587 | PeopleSoft Enterprise FIN Expenses | Expenses | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | Low | Low | None | 9.2 | |
CVE-2020-14612 | PeopleSoft Enterprise HRMS | Time and Labor | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | Low | Low | None | 9.2 | |
CVE-2020-14558 | PeopleSoft Enterprise PeopleTools | Portal | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 8.56, 8.57, 8.58 | |
CVE-2019-1551 | PeopleSoft Enterprise PeopleTools | Security (OpenSSL) | HTTPS | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 8.56, 8.57, 8.58 | |
CVE-2020-14600 | PeopleSoft Enterprise PeopleTools | Portal | HTTP | Yes | 4.3 | Network | Low | None | Required | Unchanged | None | Low | None | 8.56, 8.57, 8.58 | |
CVE-2020-14564 | PeopleSoft Enterprise PeopleTools | Environment Mgmt Console | HTTP | No | 2.7 | Network | Low | High | None | Unchanged | None | Low | None | 8.56, 8.57, 8.58 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2019-13990 | Customer Management and Segmentation Foundation | Segment (Terracotta Quartz Scheduler) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 18.0 | |
CVE-2019-12086 | Customer Management and Segmentation Foundation | Segment (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 18.0 | |
CVE-2020-2555 | Oracle Retail Assortment Planning | Application Core (Coherence) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 15.0, 16.0 | |
CVE-2017-5645 | Oracle Retail Extract Transform and Load | Mathematical Operators (Log4j) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 19.0 | |
CVE-2020-1945 | Oracle Retail Financial Integration | PeopleSoft Integration (Apache Ant) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 15.0, 16.0 | |
CVE-2020-10683 | Oracle Retail Integration Bus | RIB Kernal (dom4j) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 15.0, 16.0 | |
CVE-2019-13990 | Oracle Retail Integration Bus | RIB Kernal (Terracotta Quartz Scheduler) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 15.0, 16.0 | |
CVE-2019-16943 | Oracle Retail Merchandising System | Inventory Movement (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 15.0.3, 16.0.2, 16.0.3 | |
CVE-2019-16943 | Oracle Retail Sales Audit | Transaction Maintenance (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 14.1 | |
CVE-2017-5645 | Oracle Retail Service Backbone | Installer (Log4j) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 14.1, 15.0, 16.0 | |
CVE-2019-13990 | Oracle Retail Xstore Point of Service | Xenvironment (Terracotta Quartz Scheduler) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 15.0, 16.0, 17.0, 18.0, 19.0 | |
CVE-2020-9546 | Oracle Retail Xstore Point of Service | Xenvironment (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 15.0, 16.0, 17.0, 18.0, 19.0 | |
CVE-2020-1945 | Category Management Planning & Optimization | ODI Integration (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 15.0.3 | |
CVE-2020-1945 | Oracle Retail Assortment Planning | Application Core (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 15.0.3, 16.0.3 | |
CVE-2020-1945 | Oracle Retail Bulk Data Integration | BDI Job Scheduler (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 15.0, 16.0 | |
CVE-2020-1945 | Oracle Retail Data Extractor for Merchandising | ODI Knowledge Module (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 1.9, 1.10 | |
CVE-2020-1945 | Oracle Retail Item Planning | Application Core (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 15.0.3 | |
CVE-2020-1945 | Oracle Retail Macro Space Optimization | ODI Integration (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 15.0.3 | |
CVE-2020-1945 | Oracle Retail Merchandise Financial Planning | Application Core (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 15.0.3 | |
CVE-2020-1945 | Oracle Retail Predictive Application Server | RPAS Server (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 14.0.3, 14.1.3, 15.0.3, 16.0.3 | |
CVE-2020-1945 | Oracle Retail Regular Price Optimization | Operations & Maintenance (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 15.0.3, 16.0.3 | |
CVE-2020-1945 | Oracle Retail Replenishment Optimization | Application Core (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 15.0.3 | |
CVE-2020-1945 | Oracle Retail Service Backbone | Install (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 15.0, 16.0 | |
CVE-2020-1945 | Oracle Retail Size Profile Optimization | Application Core (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 15.0.3 | |
CVE-2020-1945 | Oracle Retail Store Inventory Management | SIM Integration (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 14.0.4, 14.1.3, 15.0.3, 16.0.3 | |
CVE-2015-9251 | Oracle Retail Customer Management and Segmentation Foundation | Promotions (jQuery) | HTTP | No | 8.0 | Network | Low | Low | Required | Unchanged | High | High | High | 18.0 | |
CVE-2020-5398 | Oracle Retail Assortment Planning | Application Core (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 15.0, 16.0 | |
CVE-2020-5398 | Oracle Retail Financial Integration | PeopleSoft Integration (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 15.0, 16.0 | |
CVE-2017-12626 | Oracle Retail Fusion Platform | Retail Portal Framework (Apache POI) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 5.5 | |
CVE-2020-5398 | Oracle Retail Integration Bus | RIB Kernal (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 15.0.3, 16.0.3 | |
CVE-2019-12423 | Oracle Retail Order Broker | System Administration (Apache CXF) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 15.0 | |
CVE-2020-5398 | Oracle Retail Predictive Application Server | RPAS Server (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 14.0.3, 14.1.3, 15.0.3, 16.0.3 | |
CVE-2020-5398 | Oracle Retail Service Backbone | RSB Installation (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 15.0, 16.0 | |
CVE-2019-10086 | Customer Management and Segmentation Foundation | Promotions (Apache Commons-Beanutils) | HTTP | Yes | 7.3 | Network | Low | None | None | Unchanged | Low | Low | Low | 18.0 | |
CVE-2020-14709 | Customer Management and Segmentation Foundation | Card | HTTP | No | 7.1 | Network | Low | Low | None | Unchanged | Low | High | None | 16.0, 17.0, 18.0 | |
CVE-2019-3740 | Oracle Retail Store Inventory Management | SIM Integration (BSAFE Crypto-J) | TLS | Yes | 6.5 | Network | Low | None | Required | Unchanged | High | None | None | 14.0.4, 14.1.3, 15.0.3, 16.0.3 | |
CVE-2019-17091 | Oracle Retail Financial Integration | PeopleSoft Integration (Eclipse Mojarra) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 15.0, 16.0 | |
CVE-2019-17091 | Oracle Retail Integration Bus | RIB Kernal (Eclipse Mojarra) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 15.0, 16.0 | |
CVE-2019-17091 | Oracle Retail Invoice Matching | Pricing (Eclipse Mojarra) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 16.0 | |
CVE-2019-17091 | Oracle Retail Service Backbone | RSB kernel (Eclipse Mojarra) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 15.0, 16.0 | |
CVE-2018-10237 | Oracle Retail Integration Bus | Packaging (Google Guava) | HTTP | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 15.0, 16.0 | |
CVE-2020-14710 | Customer Management and Segmentation Foundation | Security | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | Low | Low | None | 16.0, 17.0, 18.0 | |
CVE-2020-14708 | Customer Management and Segmentation Foundation | Segment | HTTP | No | 4.3 | Network | Low | Low | None | Unchanged | None | Low | None | 16.0, 17.0, 18.0 | |
CVE-2018-15756 | Oracle Retail Xstore Point of Service | Point of Sale (Spring Framework) | HTTP | No | 4.3 | Network | Low | High | Required | Unchanged | Low | Low | Low | 7.1 | |
CVE-2020-9488 | Oracle Retail Data Extractor for Merchandising | Knowledge Module (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 18.0 | |
CVE-2020-9488 | Oracle Retail Financial Integration | PeopleSoft Integration (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 15.0, 16.0 | |
CVE-2020-9488 | Oracle Retail Store Inventory Management | SIM Integration (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 14.0.4, 14.1.3, 15.0.3, 16.0.3 |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2019-16943 | Siebel Engineering - Installer & Deployment | Siebel Approval Manager (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 2.20.5 and prior | |
CVE-2020-1938 | Siebel UI Framework | EAI, SWSE (Apache Tomcat) | Apache JServ Protocol (AJP) | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 20.5 and prior | |
CVE-2019-16943 | Siebel UI Framework | EAI (jackson-databind) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 20.5 and prior | |
CVE-2020-14531 | Siebel UI Framework | SWSE Server | HTTP | Yes | 5.9 | Network | High | None | Required | Unchanged | High | Low | None | 20.6 and prior | |
CVE-2020-9488 | Siebel Engineering - Installer & Deployment | Siebel Approval Manager (Log4j) | SMTPS | Yes | 3.7 | Network | High | None | None | Unchanged | Low | None | None | 2.20.5 and prior |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2019-2729 | Oracle Rapid Planning | Middle Tier | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2020-2555 | Oracle Rapid Planning | Middle Tier | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2016-1000031 | Oracle Rapid Planning | Middle Tier (Apache Commons FileUpload) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2016-5019 | Oracle Rapid Planning | Middle Tier (Apache Trinidad) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2020-10683 | Oracle Rapid Planning | Middle Tier (dom4j) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2016-4000 | Oracle Rapid Planning | Middle Tier (jython) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2017-5645 | Oracle Rapid Planning | Middle Tier (Apache Ant) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2017-5645 | Oracle Rapid Planning | Middle Tier (Log4j) | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2019-17563 | Oracle Transportation Management | Install (Apache Tomcat) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 6.3.7 | |
CVE-2016-6814 | Oracle Agile Engineering Data Management | Install (Apache Groovy) | HTTP | Yes | 9.6 | Network | Low | None | Required | Changed | High | High | High | 6.2.1.0 | |
CVE-2020-1945 | Oracle Rapid Planning | Middle Tier (Apache Ant) | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 12.1, 12.2 | |
CVE-2015-7501 | Oracle Rapid Planning | Middle Tier (Apache Commons Collections) | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2020-14669 | Oracle Configurator | UI Servlet | HTTP | Yes | 8.2 | Network | Low | None | Required | Changed | High | Low | None | 12.1, 12.2 | |
CVE-2019-0227 | Oracle Agile Engineering Data Management | Install (Apache Axis) | HTTP | Yes | 7.5 | Adjacent Network | High | None | None | Unchanged | High | High | High | 6.2.1.0 | |
CVE-2019-0227 | Oracle Rapid Planning | Installation (Apache Axis) | HTTP | Yes | 7.5 | Adjacent Network | High | None | None | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2020-5398 | Oracle Rapid Planning | Installation (Spring Framework) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 12.1, 12.2 | |
CVE-2018-15756 | Oracle Rapid Planning | Middle Tier (Spring Framework) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 12.1, 12.2 | |
CVE-2018-8013 | Oracle Rapid Planning | Middle Tier (Apache Batik) | HTTP | Yes | 7.3 | Network | Low | None | None | Unchanged | Low | Low | Low | 12.1, 12.2 | |
CVE-2019-17091 | Oracle Rapid Planning | Installation (Eclipse Mojarra) | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 12.1, 12.2 | |
CVE-2019-1547 | Oracle Agile Engineering Data Management | Install (OpenSSL) | None | No | 4.7 | Local | High | Low | None | Unchanged | High | None | None | 6.2.1.0 | |
CVE-2020-14551 | Oracle AutoVue | Security | HTTP | No | 4.3 | Network | Low | Low | None | Unchanged | None | Low | None | 21.0 | |
CVE-2020-14544 | Oracle Transportation Management | Data, Domain & Function Security | HTTP | No | 4.3 | Network | Low | Low | None | Unchanged | Low | None | None | 6.4.3 | |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-11656 | Oracle ZFS Storage Appliance Kit | Operating System Image | Multiple | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 8.8 | |
CVE-2020-14724 | Oracle Solaris | Device Driver Utility | None | No | 7.3 | Local | Low | Low | Required | Unchanged | High | High | High | 11 | |
CVE-2018-12207 | Oracle Solaris | Kernel | None | No | 6.5 | Local | Low | Low | None | Changed | None | None | High | 11 | See Note 1 |
CVE-2020-14537 | Oracle Solaris | Packaging Scripts | None | No | 5.5 | Local | Low | High | Required | Changed | None | None | High | 11 | |
CVE-2020-14545 | Oracle Solaris | Device Driver Utility | None | No | 5.0 | Local | High | Low | Required | Unchanged | None | High | Low | 11 | |
CVE-2019-5489 | Oracle Solaris | Kernel | Multiple | No | 3.5 | Network | High | Low | None | Changed | Low | None | None | 11 | |
CVE-2020-14542 | Oracle Solaris | libsuri | None | No | 3.3 | Local | Low | Low | None | Unchanged | Low | None | None | 11 | |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2018-12023 | Oracle Utilities Framework | Common (jackson-databind) | HTTP | Yes | 7.5 | Network | High | None | Required | Unchanged | High | High | High | 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0 | |

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | CVSS 3.1 Base Score (see Risk Matrix Definitions) | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2020-14628 | Oracle VM VirtualBox | Core | None | No | 8.2 | Local | Low | High | None | Changed | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | See Note 1 |
CVE-2020-14646 | Oracle VM VirtualBox | Core | None | No | 7.5 | Local | High | High | None | Changed | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14647 | Oracle VM VirtualBox | Core | None | No | 7.5 | Local | High | High | None | Changed | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14649 | Oracle VM VirtualBox | Core | None | No | 7.5 | Local | High | High | None | Changed | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14713 | Oracle VM VirtualBox | Core | None | No | 7.5 | Local | High | High | None | Changed | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14674 | Oracle VM VirtualBox | Core | None | No | 7.5 | Local | High | High | None | Changed | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14675 | Oracle VM VirtualBox | Core | None | No | 7.5 | Local | High | High | None | Changed | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14676 | Oracle VM VirtualBox | Core | None | No | 7.5 | Local | High | High | None | Changed | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14677 | Oracle VM VirtualBox | Core | None | No | 7.5 | Local | High | High | None | Changed | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14699 | Oracle VM VirtualBox | Core | None | No | 7.5 | Local | High | High | None | Changed | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14711 | Oracle VM VirtualBox | Core | None | No | 6.5 | Local | Low | High | Required | Unchanged | High | High | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | See Note 2 |
CVE-2020-14629 | Oracle VM VirtualBox | Core | None | No | 6.0 | Local | Low | High | None | Changed | High | None | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14703 | Oracle VM VirtualBox | Core | None | No | 6.0 | Local | Low | High | None | Changed | High | None | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14704 | Oracle VM VirtualBox | Core | None | No | 6.0 | Local | Low | High | None | Changed | High | None | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14648 | Oracle VM VirtualBox | Core | None | No | 5.3 | Local | High | High | None | Changed | High | None | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14650 | Oracle VM VirtualBox | Core | None | No | 5.3 | Local | High | High | None | Changed | High | None | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14673 | Oracle VM VirtualBox | Core | None | No | 5.3 | Local | High | High | None | Changed | High | None | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14694 | Oracle VM VirtualBox | Core | None | No | 5.3 | Local | High | High | None | Changed | High | None | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14695 | Oracle VM VirtualBox | Core | None | No | 5.3 | Local | High | High | None | Changed | High | None | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14698 | Oracle VM VirtualBox | Core | None | No | 5.3 | Local | High | High | None | Changed | High | None | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14700 | Oracle VM VirtualBox | Core | None | No | 5.3 | Local | High | High | None | Changed | High | None | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14712 | Oracle VM VirtualBox | Core | None | No | 5.0 | Local | Low | Low | Required | Unchanged | None | High | None | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14707 | Oracle VM VirtualBox | Core | None | No | 5.0 | Local | Low | Low | Required | Unchanged | None | None | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14714 | Oracle VM VirtualBox | Core | None | No | 4.4 | Local | Low | High | None | Unchanged | None | None | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |
CVE-2020-14715 | Oracle VM VirtualBox | Core | None | No | 4.4 | Local | Low | High | None | Unchanged | None | None | High | Prior to 5.2.44, prior to 6.0.24, prior to 6.1.12 | |