Oracle error cause lookup table ORA-% common ORA-12514
Appendix - Oracle Hyperion
Oracle Hyperion Executive Summary
This Critical Patch Update contains 1 new security fix for Oracle Hyperion. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Hyperion Risk Matrix
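CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2015-3237 | Oracle Hyperion Essbase | Security (libcurl) | HTTP | Yes | 6.5 | Network | Low | None | None | Unchanged | Low | None | Low | 11.1.2.2 | |
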
Additional CVEs addressed are below:
The fix for CVE-2015-3237 also addresses CVE-2015-3236.
Appendix - Oracle Enterprise Manager Grid Control
Oracle Enterprise Manager Grid Control Executive Summary
This Critical Patch Update contains 2 new security fixes for Oracle Enterprise Manager Grid Control. Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. None of these fixes are applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager Grid Control installed. The English text form of this Risk Matrix can be found here.
Oracle Enterprise Manager products include Oracle Database and Oracle Fusion Middleware components that are affected by the vulnerabilities listed in the Oracle Database and Oracle Fusion Middleware sections. The exposure of Oracle Enterprise Manager products is dependent on the Oracle Database and Oracle Fusion Middleware versions being used. Oracle Database and Oracle Fusion Middleware security fixes are not listed in the Oracle Enterprise Manager risk matrix. However, since vulnerabilities affecting Oracle Database and Oracle Fusion Middleware versions may affect Oracle Enterprise Manager products, Oracle recommends that customers apply the April 2017 Critical Patch Update to the Oracle Database and Oracle Fusion Middleware components of Enterprise Manager. For information on what patches need to be applied to your environments, refer to Critical Patch Update April 2017 Patch Availability Document for Oracle Products, My Oracle Support Note 2228898.1.
Oracle Enterprise Manager Grid Control Risk Matrix
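CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-3092 | Enterprise Manager Base Platform | Security Framework | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 12.1.0, 13.1.0, 13.2.0 | |
| CVE-2017-3518 | Enterprise Manager Base Platform | Discovery Framework | HTTPS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 12.1.0, 13.1.0, 13.2.0 | |
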
Additional CVEs addressed are below:
The fix for CVE-2017-3518 also addresses CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, and CVE-2016-7052.
Appendix - Oracle Applications
Oracle E-Business Suite Executive Summary
This Critical Patch Update contains 11 new security fixes for the Oracle E-Business Suite. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle E-Business Suite products include Oracle Database and Oracle Fusion Middleware components that are affected by the vulnerabilities listed in the Oracle Database and Oracle Fusion Middleware sections. The exposure of Oracle E-Business Suite products is dependent on the Oracle Database and Oracle Fusion Middleware versions being used. Oracle Database and Oracle Fusion Middleware security fixes are not listed in the Oracle E-Business Suite risk matrix. However, since vulnerabilities affecting Oracle Database and Oracle Fusion Middleware versions may affect Oracle E-Business Suite products, Oracle recommends that customers apply the April 2017 Critical Patch Update to the Oracle Database and Oracle Fusion Middleware components of Oracle E-Business Suite. For information on what patches need to be applied to your environments, refer to Oracle E-Business Suite Release 12 Critical Patch Update Knowledge Document (April 2017), My Oracle Support Note 2241313.1.
Some of the risk matrix rows in this section are assigned multiple CVE#s. In these cases, additional CVEs are listed below the risk matrix to improve readability. Each group of CVE identifiers shares the same description, vulnerability type, Component, Sub-Component and affected versions listed in the risk matrix entry, but occurs in different code sections within a Sub-Component.
Oracle E-Business Suite Risk Matrix
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-3549 | Oracle Scripting | Scripting Administration | HTTP | Yes | 9.1 | Network | Low | None | None | Unchanged | High | High | None | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 | |
| CVE-2017-3555 | Oracle iReceivables | Self Registration | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 | |
| CVE-2017-3393 | Oracle Advanced Outbound Telephony | Interaction History | HTTP | Yes | 7.1 | Network | Low | None | Required | Unchanged | Low | High | None | 12.2.3, 12.2.4, 12.2.5, 12.2.6 | |
| CVE-2017-3550 | Oracle Customer Interaction History | Admin Console | HTTP | Yes | 7.1 | Network | Low | None | Required | Unchanged | Low | High | None | 12.1.1, 12.1.2, 12.1.3 | |
| CVE-2017-3337 | Oracle Marketing | User Interface | HTTP | Yes | 7.1 | Network | Low | None | Required | Unchanged | Low | High | None | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 | |
| CVE-2017-3432 | Oracle One-to-One Fulfillment | Audience workbench | HTTP | Yes | 7.1 | Network | Low | None | Required | Unchanged | Low | High | None | 12.1.1, 12.1.2, 12.1.3 | |
| CVE-2017-3557 | Oracle One-to-One Fulfillment | Print Server | HTTP | Yes | 7.1 | Network | Low | None | Required | Unchanged | Low | High | None | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 | |
| CVE-2017-3592 | Oracle Payables | Self Service Manager | HTTP | No | 6.5 | Network | Low | High | None | Unchanged | High | High | None | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 | |
| CVE-2017-3528 | Oracle Applications Framework | Popup windows (lists of values, datepicker, etc.) | HTTP | Yes | 5.4 | Network | Low | None | Required | Unchanged | Low | Low | None | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 | |
| CVE-2017-3515 | Oracle User Management | User Name/Password Management | HTTP | Yes | 5.4 | Network | Low | None | Required | Unchanged | Low | Low | None | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 | |
| CVE-2017-3556 | Oracle Application Object Library | File Management | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 | |

Additional CVEs addressed are below:
The fix for CVE-2017-3337 also addresses CVE-2017-3342, CVE-2017-3345, CVE-2017-3347, CVE-2017-3355, and CVE-2017-3356.
The fix for CVE-2017-3432 also addresses CVE-2017-3434.
Oracle Supply Chain Products Suite Executive Summary
This Critical Patch Update contains 1 new security fix for the Oracle Supply Chain Products Suite. This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Supply Chain Products Suite Risk Matrix
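CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-3530 | Oracle Transportation Manager | Security | HTTP | No | 6.1 | Network | Low | High | Required | Unchanged | High | High | None | 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1, 6.4.2 | |
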
Oracle PeopleSoft Products Executive Summary
This Critical Patch Update contains 16 new security fixes for Oracle PeopleSoft Products. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle PeopleSoft Products Risk Matrix
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-3519 | PeopleSoft Enterprise PeopleTools | Security | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 8.54, 8.55 | |
| CVE-2017-3547 | PeopleSoft Enterprise PeopleTools | MultiChannel Framework | HTTP | Yes | 7.4 | Network | Low | None | Required | Changed | None | High | None | 8.54, 8.55 | |
| CVE-2017-3577 | PeopleSoft Enterprise CS Campus Community | Frameworks | HTTP | No | 6.5 | Network | Low | High | None | Unchanged | High | High | None | 9.2 | |
| CVE-2017-3570 | PeopleSoft Enterprise FSCM | eSettlements | HTTP | No | 6.5 | Network | Low | High | None | Unchanged | High | High | None | 9.1 | |
| CVE-2017-3520 | PeopleSoft Enterprise PeopleTools | Fluid Core | HTTP | Yes | 6.5 | Network | Low | None | Required | Unchanged | None | High | None | 8.54, 8.55 | |
| CVE-2017-3548 | PeopleSoft Enterprise PeopleTools | Integration Broker | HTTP | Yes | 6.5 | Network | Low | None | None | Unchanged | Low | None | Low | 8.54, 8.55 | |
| CVE-2017-3546 | PeopleSoft Enterprise PeopleTools | MultiChannel Framework | HTTP | Yes | 6.5 | Network | Low | None | None | Unchanged | Low | Low | None | 8.54, 8.55 | |
| CVE-2014-3596 | PeopleSoft Enterprise PeopleTools | Portal | HTTP | Yes | 6.5 | Network | Low | None | None | Unchanged | Low | Low | None | 8.54, 8.55 | |
| CVE-2017-3521 | PeopleSoft Enterprise SCM Purchasing | Supplier Registration | HTTP | No | 6.5 | Network | Low | High | None | Unchanged | High | High | None | 9.2 | |
| CVE-2017-3525 | PeopleSoft Enterprise SCM Service Procurement | Usability | HTTP | No | 6.5 | Network | Low | High | None | Unchanged | High | High | None | 9.2 | |
| CVE-2017-3524 | PeopleSoft Enterprise SCM Strategic Sourcing | Bidder Registration | HTTP | No | 6.5 | Network | Low | High | None | Unchanged | High | High | None | 9.2 | |
| CVE-2017-3571 | PeopleSoft Enterprise SCM eBill Payment | Security | HTTP | No | 6.5 | Network | Low | High | None | Unchanged | High | High | None | 9.2 | |
| CVE-2017-3522 | PeopleSoft Enterprise SCM eSupplier Connection | Vendor | HTTP | No | 6.5 | Network | Low | High | None | Unchanged | High | High | None | 9.2 | |
| CVE-2017-3502 | PeopleSoft Enterprise FIN Receivables | Receivables | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | None | Low | None | 9.2 | |
| CVE-2017-3527 | PeopleSoft Enterprise PeopleTools | Fluid Core | HTTP | Yes | 5.3 | Network | Low | None | None | Unchanged | Low | None | None | 8.54, 8.55 | |
| CVE-2017-3536 | PeopleSoft Enterprise PeopleTools | Security | HTTP | No | 4.6 | Network | Low | Low | Required | Unchanged | Low | Low | None | 8.54, 8.55 | |

Oracle JD Edwards Products Executive Summary
This Critical Patch Update contains 1 new security fix for Oracle JD Edwards Products. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle JD Edwards Products Risk Matrix
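CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-3517 | JD Edwards EnterpriseOne Tools | Web Runtime SEC | HTTP | Yes | 6.5 | Network | Low | None | None | Unchanged | Low | None | Low | 9.2 | |
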
Oracle Siebel CRM Executive Summary
This Critical Patch Update contains 1 new security fix for Oracle Siebel CRM. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Siebel CRM Risk Matrix
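CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-5638 | Siebel Apps - E-Billing | Security (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 6.1, 6.2, 7.0, 7.1 | |
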
Oracle Commerce Executive Summary
This Critical Patch Update contains 3 new security fixes for Oracle Commerce. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Commerce Risk Matrix
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-3572 | Oracle Commerce Guided Search / Oracle Commerce Experience Manager | MDEX | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1, 6.5.2 | |
| CVE-2016-6304 | Oracle Commerce Guided Search / Oracle Commerce Experience Manager | MDEX | HTTPS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1, 6.5.2 | |
| CVE-2016-2107 | Oracle Commerce Guided Search / Oracle Commerce Experience Manager | Platform Services | HTTPS | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 6.1.4, 11.0, 11.1, 11.2 | |

Additional CVEs addressed are below:
The fix for CVE-2016-2107 also addresses CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, and CVE-2016-2176.
The fix for CVE-2016-6304 also addresses CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6306, CVE-2016-7052, CVE-2016-7055, CVE-2017-3731, and CVE-2017-3732.
Appendix - Oracle Communications Applications
Oracle Communications Applications Executive Summary
This Critical Patch Update contains 11 new security fixes for Oracle Communications Applications. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Communications Applications Risk Matrix
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-5638 | Oracle Communications Policy Management | Security (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 12.2 | |
| CVE-2016-0729 | Oracle Communications ASAP | Security (Xerces) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 7.0, 7.2, 7.3 | |
| CVE-2016-0635 | Oracle Communications Network Integrity | Security (Spring) | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 7.3.0, 7.2.4 | |
| CVE-2016-3092 | Oracle Communications Service Broker Engineered System Edition | Install (Apache Commons FileUpload) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 6.0, 6.1 | |
| CVE-2013-5209 | Oracle Communications Session Border Controller | Sysadmin (SCTP) | SCTP | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | SCZ7.3.0, SCZ7.4.0 | |
| CVE-2016-6304 | Oracle Communications Session Border Controller | Routing (OpenSSL) | TLS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | SCZ7.3.0, SCZ7.4.0 | |
| CVE-2012-0920 | Oracle Communications Session Border Controller | Sysadmin (Dropbear) | SSH | No | 7.1 | Network | High | Low | Required | Unchanged | High | High | High | SCZ7.3.0, SCZ7.4.0 | |
| CVE-2017-3732 | Oracle Communications Security Gateway | Routing (OpenSSL) | TLS | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 3.0.0 | |
| CVE-2013-2566 | Oracle Communications Session Border Controller | Sysadmin | SSH | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | SCZ7.3.0, SCZ7.4.0 | |
| CVE-2017-3470 | Oracle Communications Security Gateway | Network | ICMP Ping | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 3.0.0 | |
| CVE-2015-0204 | Oracle Communications Session Border Controller | Routing | TLS | Yes | 5.3 | Network | Low | None | None | Unchanged | None | Low | None | SCZ7.3.0, SCZ7.4.0 | |

Additional CVEs addressed are below:
The fix for CVE-2016-6304 also addresses CVE-2014-3571, CVE-2015-0286, CVE-2015-1791, CVE-2015-3195, and CVE-2016-2107.
The fix for CVE-2017-3732 also addresses CVE-2014-3571, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792.
-------------------------
Appendix - Oracle Financial Services Applications
Oracle Financial Services Applications Executive Summary
This Critical Patch Update contains 47 new security fixes for Oracle Financial Services Applications. 25 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Financial Services Applications Risk Matrix
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-5638 | Oracle FLEXCUBE Private Banking | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 12.0.1, 12.0.2, 12.0.3, 12.1.0 | |
| CVE-2017-5638 | Oracle Financial Services Analytical Applications Infrastructure | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 7.3.3, 7.3.4, 7.3.5 | |
| CVE-2017-5638 | Oracle Financial Services Asset Liability Management | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Basel Regulatory Capital Basic | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 6.1.2, 6.1.3, 8.0.2, 8.0.3 | |
| CVE-2017-5638 | Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 6.1.2, 6.1.3, 8.0.2, 8.0.3 | |
| CVE-2017-5638 | Oracle Financial Services Data Foundation | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0.1, 8.0.2, 8.0.3, 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Data Integration Hub | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0.1, 8.0.2, 8.0.3, 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Enterprise Financial Performance Analytics | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0.0 to 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Funds Transfer Pricing | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Hedge Management and IFRS Valuations | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Institutional Performance Analytics | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0.0 to 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Liquidity Risk Management | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0.1, 8.0.2, 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Loan Loss Forecasting and Provisioning | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 1.5.0, 1.5.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Pricing Management/Transfer Pricing Component | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0.0 to 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Profitability Management | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 | |
| CVE-2017-5638 | Oracle Financial Services Reconciliation Framework | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0.0, 8.0.1, 8.0.2 | |
| CVE-2017-5638 | Oracle Financial Services Retail Customer Analytics | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0.0 to 8.0.3 | |
| CVE-2017-5638 | Oracle Financial Services Retail Performance Analytics | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0.0 to 8.0.4 | |
| CVE-2017-5638 | Oracle Insurance Data Foundation | Core (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 8.0.1, 8.0.2, 8.0.3, 8.0.4 | |
| CVE-2016-0635 | Oracle FLEXCUBE Private Banking | Core (Spring Framework) | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 12.0.1, 12.0.2, 12.0.3, 12.1.0 | |
| CVE-2017-3493 | Oracle FLEXCUBE Enterprise Limits and Collateral Management | Infrastructure | HTTP | No | 8.5 | Network | Low | Low | None | Changed | High | None | Low | 12.0.0, 12.1.0 | |
| CVE-2017-3472 | Oracle FLEXCUBE Private Banking | Portfolio Management | HTTP | No | 8.1 | Network | Low | Low | None | Unchanged | High | High | None | 2.0.0, 2.0.1, 2.2.0.1, 12.0.1 | |
| CVE-2017-3476 | Oracle FLEXCUBE Private Banking | Miscellaneous | HTTP | No | 7.1 | Network | Low | Low | None | Unchanged | High | Low | None | 2.0.0, 2.0.1, 2.2.0.1, 12.0.1 | |
| CVE-2017-3485 | Oracle FLEXCUBE Universal Banking | Infrastructure | HTTP | No | 6.8 | Network | High | Low | None | Unchanged | None | High | High | 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 | |
| CVE-2017-3491 | Oracle FLEXCUBE Enterprise Limits and Collateral Management | Limits and Collateral | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | High | None | None | 12.0.1, 12.1.0 | |
| CVE-2017-3488 | Oracle FLEXCUBE Investor Servicing | Unit Trust | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | None | High | None | 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0, 12.3.0 | |
| CVE-2017-3534 | Oracle FLEXCUBE Universal Banking | Infrastructure | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | High | None | None | 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 | |
| CVE-2017-3496 | Oracle FLEXCUBE Enterprise Limits and Collateral Management | Infrastructure | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 12.0.0, 12.1.0 | |
| CVE-2017-3492 | Oracle FLEXCUBE Enterprise Limits and Collateral Management | Infrastructure | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | Low | Low | None | 12.0.0, 12.1.0 | |
| CVE-2017-3484 | Oracle FLEXCUBE Enterprise Limits and Collateral Management | Limits and Collateral | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | Low | Low | None | 12.0.0, 12.1.0 | |
| CVE-2017-3489 | Oracle FLEXCUBE Investor Servicing | Security Management System | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | Low | Low | None | 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0, 12.3.0 | |
| CVE-2017-3288 | Oracle FLEXCUBE Investor Servicing | Unit Trust | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | Low | Low | None | 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0, 12.3.0 | |
| CVE-2017-3478 | Oracle FLEXCUBE Private Banking | Miscellaneous | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | Low | Low | None | 12.0.0, 12.1.0 | |
| CVE-2017-3479 | Oracle FLEXCUBE Private Banking | Miscellaneous | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | None | Low | Low | 2.0.0, 2.0.1, 2.2.0.1, 12.0.1 | |
| CVE-2017-3482 | Oracle FLEXCUBE Universal Banking | Infrastructure | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 | |
| CVE-2017-3475 | Oracle FLEXCUBE Private Banking | Miscellaneous | HTTP | No | 5.0 | Network | Low | Low | None | Changed | None | None | Low | 2.0.0, 2.0.1, 2.2.0.1, 12.0.1 | |
| CVE-2017-3495 | Oracle FLEXCUBE Direct Banking | Pre-Login | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | Low | None | None | 12.0.2, 12.0.3 | |
| CVE-2017-3471 | Oracle FLEXCUBE Private Banking | Miscellaneous | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | None | Low | None | 12.0.0, 12.1.0 | |
| CVE-2017-3480 | Oracle FLEXCUBE Universal Banking | Infrastructure | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | Low | None | None | 11.3.0, 11.4.0, 12.0.1 | |
| CVE-2017-3535 | Oracle FLEXCUBE Universal Banking | Infrastructure | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | Low | None | None | 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3 | |
| CVE-2017-3494 | Oracle FLEXCUBE Universal Banking | Retail Teller | HTTP | Yes | 4.7 | Network | Low | None | Required | Changed | Low | None | None | 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3 | |
| CVE-2017-3483 | Oracle FLEXCUBE Enterprise Limits and Collateral Management | Limits and Collateral | None | No | 4.4 | Local | Low | High | None | Unchanged | High | None | None | 12.0.0, 12.1.0 | |
| CVE-2017-3473 | Oracle FLEXCUBE Private Banking | Miscellaneous | HTTP | No | 4.3 | Network | Low | Low | None | Unchanged | Low | None | None | 2.0.0, 2.0.1, 2.2.0.1, 12.0.1 | |
| CVE-2017-3481 | Oracle FLEXCUBE Universal Banking | Infrastructure | HTTP | No | 4.3 | Network | Low | Low | None | Unchanged | None | None | Low | 11.3.0, 11.4.0, 12.0.1 | |
| CVE-2017-3477 | Oracle FLEXCUBE Private Banking | Miscellaneous | HTTP | No | 4.2 | Network | High | Low | None | Unchanged | Low | Low | None | 12.0.0, 12.1.0 | |
| CVE-2017-3490 | Oracle FLEXCUBE Enterprise Limits and Collateral Management | Limits and Collateral | HTTP | No | 3.1 | Network | High | Low | None | Unchanged | Low | None | None | 12.0.0, 12.1.0 | |
| CVE-2017-3487 | Oracle FLEXCUBE Investor Servicing | Unit Trust | HTTP | No | 3.1 | Network | High | Low | None | Unchanged | None | Low | None | 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0, 12.3.0 | |

Appendix - Oracle Health Sciences Applications
Oracle Health Sciences Applications Executive Summary
This Critical Patch Update contains 1 new security fix for Oracle Health Sciences Applications. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Health Sciences Applications Risk Matrix
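CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-3092 | Oracle Healthcare Master Person Index | Cleanser, Profiler (Apache Commons FileUpload) | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | Prior to and 2.0.1.x, 3.0.0.x and 4.0.1.x | |
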
Appendix - Oracle Hospitality Applications
Oracle Hospitality Applications Executive Summary
This Critical Patch Update contains 6 new security fixes for Oracle Hospitality Applications. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Hospitality Applications Risk Matrix
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-3574 | Oracle Hospitality OPERA 5 Property Services | OPERA License code configuration | HTTP | No | 7.1 | Network | Low | Low | None | Unchanged | High | Low | None | 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x, 5.5.1.x | |
| CVE-2017-3568 | Oracle Hospitality OPERA 5 Property Services | OPERA Printing and Login | None | No | 6.5 | Local | High | None | Required | Unchanged | High | High | Low | 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x, 5.5.1.x | |
| CVE-2017-3573 | Oracle Hospitality OPERA 5 Property Services | OPERA Printing | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x, 5.5.1.x | |
| CVE-2017-3569 | Oracle Hospitality OPERA 5 Property Services | OPERA Business Events | HTTP | No | 5.4 | Network | Low | Low | None | Unchanged | Low | Low | None | 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x, 5.5.1.x | |
| CVE-2017-3552 | Oracle Hospitality OPERA 5 Property Services | OPERA Room Image/Picture Setup | HTTP | No | 4.3 | Network | Low | Low | None | Unchanged | Low | None | None | 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x, 5.5.1.x | |
| CVE-2017-3560 | Oracle Hospitality OPERA 5 Property Services | OXI Interface | HTTP | No | 4.3 | Network | Low | Low | None | Unchanged | Low | None | None | 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x, 5.5.1.x | |

Appendix - Oracle Insurance Applications
Oracle Insurance Applications Executive Summary
This Critical Patch Update contains 1 new security fix for Oracle Insurance Applications. This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Insurance Applications Risk Matrix
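CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2015-7940 | Oracle Insurance Istream | IStream Publisher (Bouncy Castle) | HTTP | No | 6.5 | Network | Low | Low | None | Unchanged | High | None | None | 4.3.2 and prior | |
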
Appendix - Oracle Retail Applications
Oracle Retail Applications Executive Summary
This Critical Patch Update contains 39 new security fixes for Oracle Retail Applications. 32 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Retail Applications Risk Matrix
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-5638 | Oracle Retail XBRi Loss Prevention | Internal Operations (Struts 2) | HTTP | Yes | 10.0 | Network | Low | None | None | Changed | High | High | High | 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1 | |
| CVE-2016-0635 | Oracle Retail Back Office | Security | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 14.1 | |
| CVE-2016-0635 | Oracle Retail Invoice Matching | Security | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 13.2, 14.0, 14.1 | |
| CVE-2016-0635 | Oracle Retail Point-of-Service | Infrastructure | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 14.1.3 | |
| CVE-2016-0635 | Oracle Retail Point-of-Service | Mobile POS | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 14.1.3 | |
| CVE-2016-0635 | Oracle Retail Returns Management | Security | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 14.1 | |
| CVE-2016-3506 | MICROS Lucas | Security | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 2.9.5.1, 2.9.5.2, 2.9.5.3, 2.9.5.4, 2.9.5.5 | |
| CVE-2016-3506 | MICROS Relate CRM Software | Web Services | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 10.0, 10.5, 10.8, 11.0, 11.1, 11.4, 15.0 | |
| CVE-2016-3506 | MICROS XBR | Database | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 10.0.1, 10.5.0, 10.6.0, 10.7.7, 10.8.0, 10.8.1 | |
| CVE-2016-3506 | MICROS Xstore Payment | Security | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, 16.0 | |
| CVE-2016-3506 | Oracle Retail Advanced Inventory Planning | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.1, 15.0 | |
| CVE-2016-3506 | Oracle Retail Advanced Science Engine | General | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.1 | |
| CVE-2016-3506 | Oracle Retail Analytic Parameter Calculator - RO | Data Interface | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 15.0 | |
| CVE-2016-3506 | Oracle Retail Analytic Parameter Calculator - RO | Installation/Configuration | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 15.0 | |
| CVE-2016-3506 | Oracle Retail Analytics | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.0, 14.1, 15.0, 16.0 | |
| CVE-2016-3506 | Oracle Retail Assortment Planning | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.1.3, 15.0.1, 16.0.0 | |
| CVE-2016-3506 | Oracle Retail Category Management | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 13.2, 13.3, 14.0, 14.1 | |
| CVE-2016-3506 | Oracle Retail Category Management Planning & Optimization | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 15.0 | |
| CVE-2016-3506 | Oracle Retail Customer Insights | Installer | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 15.0 | |
| CVE-2016-2510 | Oracle Retail Customer Management and Segmentation Foundation | Web Services | HTTPS | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 15.0 | |
| CVE-2016-3506 | Oracle Retail Demand Forecasting | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.1.3, 15.0.2 | |
| CVE-2016-3506 | Oracle Retail Item Planning | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.1.3, 15.0.2 | |
| CVE-2016-3506 | Oracle Retail Macro Space Optimization | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 15.0.2 | |
| CVE-2016-3506 | Oracle Retail Merchandise Financial Planning | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.1.3, 15.0.2 | |
| CVE-2016-3506 | Oracle Retail Merchandising Insights | Installer | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 15.0 | |
| CVE-2016-3506 | Oracle Retail Order Broker | Order Broker Foundation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 5.1, 5.2, 15.0, 16.0 | |
| CVE-2016-3506 | Oracle Retail Predictive Application Server | Installer - Server | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 13.1, 13.2, 13.3, 13.4, 14.0, 14.1, 15.0 | |
| CVE-2016-3506 | Oracle Retail Regular Price Optimization | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.1.3, 15.0.2 | |
| CVE-2016-3506 | Oracle Retail Replenishment Optimization | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.1.3, 15.0.2 | |
| CVE-2016-3506 | Oracle Retail Size Profile Optimization | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.1.3, 15.0.2 | |
| CVE-2016-3506 | Oracle Retail Store Inventory | Installation | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 14.1, 15.0, 16.0 | |
| CVE-2016-3506 | Oracle Retail Xstore Point of Service | Point of Sale | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 5.5, 6.0, 6.5, 7.1, 15.0 | |
| CVE-2016-3506 | Oracle Retail Xstore Point of Service | Point of Sale | Oracle Net | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, 16.0 | |
| CVE-2016-1181 | Oracle Retail Invoice Matching | Security | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 12.0, 13.0, 13.1, 13.2, 14.0, 14.1 | |
| CVE-2017-3254 | Oracle Retail Invoice Matching | Security | HTTP | Yes | 7.6 | Network | Low | None | Required | Unchanged | High | Low | Low | 12.0, 13.0 | |
| CVE-2015-7940 | Oracle Retail Open Commerce Platform | Framework | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | High | None | None | 4.0, 5.0, 5.1, 5.3, 6.0 | |
| CVE-2015-0204 | Oracle Retail Predictive Application Server | RPAS Server | SSL/TLS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 13.3.3, 13.4.3, 14.0.3, 14.1.3, 15.0.2, 16.0.0 | |
| CVE-2017-3532 | Oracle Retail Warehouse Management System | Security | HTTP | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 13.2, 14.0, 15.0 | |
| CVE-2017-3451 | Oracle Retail Open Commerce Platform | Web | HTTP | No | 5.4 | Network | Low | Low | Required | Changed | Low | Low | None | 4.0, 5.0, 5.1, 5.3, 6.0, 6.1, 15.0, 16.0 | |

Additional CVEs addressed are below:
The fix for CVE-2015-0204 also addresses CVE-2014-3571.
The fix for CVE-2016-1181 also addresses CVE-2014-0114, and CVE-2016-1182.
The fix for CVE-2017-5638 also addresses CVE-2016-4436.
-------------------------
Appendix - Oracle Support Tools
Oracle Support Tools Executive Summary
This Critical Patch Update contains 13 new security fixes for Oracle Support Tools. 4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
Oracle Support Tools Risk Matrix
CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Sub-component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-3234 | Automatic Service Request (ASR) | ASR Manager | SFT | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | Prior to 5.7 | |
| CVE-2017-3237 | Automatic Service Request (ASR) | ASR Manager | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | Prior to 5.7 | |
| CVE-2017-3581 | Automatic Service Request (ASR) | ASR Manager | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | Prior to 5.7 | |
| CVE-2017-3620 | Automatic Service Request (ASR) | ASR Manager | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | Prior to 5.7 | |
| CVE-2017-3233 | Automatic Service Request (ASR) | ASR Manager | HTTP | Yes | 7.5 | Network | Low | None | None | Unchanged | None | High | None | Prior to 5.7 | |
| CVE-2016-6304 | OSS Support Tools | Oracle Explorer (OpenSSL) | SSL/TLS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | Prior to RDA 8.15.17.3.14 | |
| CVE-2015-5252 | Oracle Advanced Support Gateway | Samba Service | SMB | Yes | 7.2 | Network | Low | None | None | Changed | Low | Low | None | Prior to 7.2 | |
| CVE-2017-3618 | Automatic Service Request (ASR) | ASR Manager | None | No | 7.1 | Local | Low | Low | None | Unchanged | High | High | None | Prior to 5.7 | |
| CVE-2017-3232 | Automatic Service Request (ASR) | ASR Manager | None | No | 5.5 | Local | Low | Low | None | Unchanged | High | None | None | Prior to 5.7 | |
| CVE-2017-3619 | Automatic Service Request (ASR) | ASR Manager | None | No | 5.5 | Local | Low | Low | None | Unchanged | High | None | None | Prior to 5.7 | |
| CVE-2017-3504 | Automatic Service Request (ASR) | ASR Manager | None | No | 5.1 | Local | Low | None | None | Unchanged | None | Low | Low | Prior to 5.7 | |
| CVE-2017-3505 | Automatic Service Request (ASR) | ASR Manager | None | No | 5.1 | Local | Low | None | None | Unchanged | None | Low | Low | Prior to 5.7 | |
| CVE-2004-2761 | Oracle Trace File Analyzer (TFA) | TFA Collector | Multiple | No | 4.3 | Network | Low | Low | None | Unchanged | None | Low | None | Prior to 12.1.2.8.4 | |

Additional CVEs addressed are below:
The fix for CVE-2016-6304 also addresses CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, and CVE-2016-7052.