Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-0635

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation Engine component in Oracle Insurance Applications 9.7.1, 10.1.2, and 10.2.2; the Oracle Insurance Policy Administration J2EE and Oracle Insurance Rules Palette components in Oracle Insurance Applications 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, and 10.2.2; the Oracle Retail Integration Bus component in Oracle Retail Applications 15.0; the Oracle Retail Order Broker component in Oracle Retail Applications 5.1, 5.2, and 15.0; the Primavera Contract Management component in Oracle Primavera Products Suite 14.2; the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.2, 8.3, 8.4, 15.1, 15.2, and 16.1; the Oracle Financial Services Analytical Applications Infrastructure component in Oracle Financial Services Applications 8.0.0, 8.0.1, 8.0.2, and 8.0.3; the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce 3.1.1, 3.1.2, 11.0, 11.1, and 11.2; the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5; the Oracle Communications BRM - Elastic Charging Engine 11.2.0.0.0 and 11.3.0.0.0; the Oracle Enterprise Repository Enterprise Repository 12.1.3.0.0; the Oracle Financial Services Behavior Detection Platform 8.0.1 and 8.0.2; the Oracle Hyperion Essbase 12.2.1.1; the Oracle Tuxedo System and Applications Monitor (TSAM) 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.1, 12.1.1.1.0, 12.1.3.0.0, and 12.2.2.0.0; the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Spring)) 7.0, 7.1 and 7.2; the Oracle Endeca Information Discovery Integrator 3.2; the Converged Commerce component of Oracle Retail Applications 16.0.1; the Oracle Identity Manager 11.1.2.3.0; Oracle Enterprise Manager for MySQL Database 12.1.0.4; Oracle Retail Invoice Matching 12.0, 13.0, 13.1, 13.2, 14.0, and 14.1; Oracle Communications Performance Intelligence Center (PIC) Software Prior to 10.2.1 and the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: AnswerFlow (Spring Framework)) version 8.5.1.0 - 8.5.1.7 and 8.6.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Published

2016-07-21T10:12:00.177

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application oracle documaker ≤ 12.5 Yes
Application oracle enterprise_manager_ops_center 12.1.4 Yes
Application oracle enterprise_manager_ops_center 12.2.2 Yes
Application oracle enterprise_manager_ops_center 12.3.2 Yes
Application oracle health_sciences_information_manager 1.2.8.3 Yes
Application oracle health_sciences_information_manager 2.0.2.3 Yes
Application oracle health_sciences_information_manager 3.0.1.0 Yes
Application oracle healthcare_master_person_index 2.0.12 Yes
Application oracle healthcare_master_person_index 3.0.0 Yes
Application oracle healthcare_master_person_index 4.0.1 Yes
Application oracle insurance_calculation_engine 9.7.1 Yes
Application oracle insurance_calculation_engine 10.1.2 Yes
Application oracle insurance_calculation_engine 10.2.2 Yes
Application oracle insurance_policy_administration_j2ee 9.6.1 Yes
Application oracle insurance_policy_administration_j2ee 9.7.1 Yes
Application oracle insurance_policy_administration_j2ee 10.0.1 Yes
Application oracle insurance_policy_administration_j2ee 10.1.2 Yes
Application oracle insurance_policy_administration_j2ee 10.2.0 Yes
Application oracle insurance_policy_administration_j2ee 10.2.2 Yes
Application oracle insurance_rules_palette 9.6.1 Yes
Application oracle insurance_rules_palette 9.7.1 Yes
Application oracle insurance_rules_palette 10.0.1 Yes
Application oracle insurance_rules_palette 10.1.2 Yes
Application oracle insurance_rules_palette 10.2.0 Yes
Application oracle insurance_rules_palette 10.2.2 Yes
Application oracle primavera_contract_management 14.2 Yes
Application oracle primavera_p6_enterprise_project_portfolio_management 8.2 Yes
Application oracle primavera_p6_enterprise_project_portfolio_management 8.3 Yes
Application oracle primavera_p6_enterprise_project_portfolio_management 8.4 Yes
Application oracle primavera_p6_enterprise_project_portfolio_management 15.1 Yes
Application oracle primavera_p6_enterprise_project_portfolio_management 15.2 Yes
Application oracle primavera_p6_enterprise_project_portfolio_management 16.1 Yes
Application oracle retail_integration_bus 15.0 Yes
Application oracle retail_order_broker_cloud_service 5.1 Yes
Application oracle retail_order_broker_cloud_service 5.2 Yes
Application oracle retail_order_broker_cloud_service 15.0 Yes
References