The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Portal

threat note CVE-2015-3237 CVE-2015-7182 CVE-2016-1181

Oracle Fusion Middleware: vulnerabilities of July 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Fusion Middleware.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 22.
Creation date: 20/07/2016.
Identifiers: 7014463, cpuapr2019, cpujul2016, cpuoct2018, CVE-2015-3237, CVE-2015-7182, CVE-2016-1181, CVE-2016-1548, CVE-2016-2107, CVE-2016-3432, CVE-2016-3433, CVE-2016-3445, CVE-2016-3446, CVE-2016-3474, CVE-2016-3482, CVE-2016-3487, CVE-2016-3499, CVE-2016-3502, CVE-2016-3504, CVE-2016-3510, CVE-2016-3544, CVE-2016-3564, CVE-2016-3586, CVE-2016-3607, CVE-2016-3608, CVE-2016-5019, CVE-2016-5477, VIGILANCE-VUL-20164, ZDI-16-441, ZDI-16-442, ZDI-16-443, ZDI-16-444.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.

An attacker can use a vulnerability via Oracle Directory Server Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-7182]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3607, ZDI-16-442]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3510, ZDI-16-443]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3586, ZDI-16-441]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3499, ZDI-16-444]

An attacker can use a vulnerability via Oracle JDeveloper, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3504, CVE-2016-5019]

An attacker can use a vulnerability via Oracle Business Intelligence Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3446]

An attacker can use a vulnerability via Oracle Portal, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-1181]

An attacker can use a vulnerability via Oracle TopLink, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3564]

An attacker can use a vulnerability via Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3487]

An attacker can use a vulnerability via Oracle Business Intelligence Enterprise Edition, in order to obtain or alter information. [severity:3/4; CVE-2016-3544]

An attacker can use a vulnerability via Oracle Exalogic Infrastructure, in order to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-1548]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information, or to trigger a denial of service. [severity:2/4; CVE-2015-3237]

An attacker can use a vulnerability via Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-3502]

An attacker can use a vulnerability via Oracle Access Manager, in order to obtain information. [severity:2/4; CVE-2016-2107]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2016-3608]

An attacker can use a vulnerability via Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2016-5477]

An attacker can use a vulnerability via BI Publisher (formerly XML Publisher), in order to obtain or alter information. [severity:2/4; CVE-2016-3432]

An attacker can use a vulnerability via Oracle Business Intelligence Enterprise Edition, in order to obtain or alter information. [severity:2/4; CVE-2016-3433]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2016-3445]

An attacker can use a vulnerability via BI Publisher (formerly XML Publisher), in order to obtain information. [severity:1/4; CVE-2016-3474]

An attacker can use a vulnerability via Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2016-3482]
Full Vigil@nce bulletin... (Free trial)

weakness note CVE-2007-0009 CVE-2007-1858 CVE-2012-3499

Oracle Fusion: several vulnerabilities of January 2014

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in January 2014.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 19.
Creation date: 15/01/2014.
Identifiers: BID-64815, BID-64819, BID-64822, BID-64827, BID-64829, BID-64830, BID-64835, BID-64838, BID-64842, CERTA-2014-AVI-022, cpujan2014, CVE-2007-0009, CVE-2007-1858, CVE-2012-3499, CVE-2012-3544, CVE-2012-4605, CVE-2013-1620, CVE-2013-1654, CVE-2013-1862, CVE-2013-4316, CVE-2013-5785, CVE-2013-5808, CVE-2013-5869, CVE-2013-5900, CVE-2013-5901, CVE-2014-0374, CVE-2014-0383, CVE-2014-0391, CVE-2014-0400, VIGILANCE-VUL-14089.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-4316]

An attacker can use a vulnerability of Oracle Reports Developer, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64819, CVE-2013-5785]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2007-0009]

An attacker can use a vulnerability of Oracle Internet Directory, in order to obtain information. [severity:3/4; BID-64822, CVE-2014-0400]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2013-1862]

An attacker can use a vulnerability of Oracle Enterprise Data Quality, in order to trigger a denial of service. [severity:2/4; CVE-2012-3544]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2013-1654]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:2/4; CVE-2012-4605]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64829, CVE-2014-0391]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain information. [severity:2/4; BID-64835, CVE-2013-5869]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2012-3499]

An attacker can use a vulnerability of Oracle Identity Manager, in order to alter information. [severity:2/4; BID-64838, CVE-2013-5900]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64815, CVE-2013-5901]

An attacker can use a vulnerability of Oracle Portal, in order to alter information. [severity:2/4; BID-64830, CVE-2014-0374]

An attacker can use a vulnerability of Oracle Traffic Director, Oracle iPlanet Web Server and Oracle iPlanet Web Proxy Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64842, CVE-2014-0383]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2007-1858]

An attacker can use a vulnerability of Oracle iPlanet Web Proxy Server, in order to obtain information. [severity:1/4; BID-64827, CVE-2013-5808]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2011-3389 CVE-2013-0169 CVE-2013-2172

Oracle Fusion Middleware: several vulnerabilities of October 2013

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion Middleware are fixed by the CPU of October 2013.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 15.
Creation date: 16/10/2013.
Identifiers: BID-63041, BID-63043, BID-63049, BID-63052, BID-63054, BID-63058, BID-63066, BID-63069, BID-63074, CERTA-2013-AVI-575, cpuoct2013, CVE-2011-3389, CVE-2013-0169, CVE-2013-2172, CVE-2013-3827, CVE-2013-3828, CVE-2013-3831, CVE-2013-3833, CVE-2013-3836, CVE-2013-5773, CVE-2013-5798, CVE-2013-5813, CVE-2013-5815, CVE-2013-5816, RHSA-2013:1437-01, RHSA-2014:1369-01, VIGILANCE-VUL-13603, ZDI-13-249.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A Critical Patch Update fixes several vulnerabilities of Oracle Fusion Middleware.

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-63041, CVE-2013-5815]

An attacker can use a SQL injection in PORTAL_DEMO.ORG_CHART, in order to read or alter data. [severity:2/4; BID-63043, CVE-2013-3831]

An attacker can use a vulnerability of Content Server, in order to obtain or alter information. [severity:2/4; BID-63049, CVE-2013-5813]

An attacker can use a vulnerability of Java Server Faces, in order to obtain information. [severity:2/4; CVE-2013-3827]

An attacker can use a vulnerability of Metro, in order to trigger a denial of service. [severity:2/4; BID-63054, CVE-2013-5816]

An attacker can use a vulnerability of Web Container, in order to obtain information. [severity:2/4; CVE-2013-3827]

An attacker can traverse directories in Test Page BPEL Process Manager, in order to read a file outside the root path. [severity:2/4; BID-63058, CVE-2013-3828, ZDI-13-249]

An attacker can use a vulnerability of Web Container, in order to obtain information. [severity:2/4; BID-63052, CVE-2013-3827]

An attacker can use a vulnerability of Authentication Engine, in order to alter information. [severity:2/4; CVE-2013-3833]

An attacker can use a vulnerability of Servlet Runtime, in order to alter information. [severity:2/4; BID-63066, CVE-2013-5773]

An attacker can use a vulnerability of Metro, in order to alter information. [severity:2/4; CVE-2013-2172]

An attacker can use a vulnerability of End User Self Service, in order to alter information. [severity:2/4; BID-63069, CVE-2013-5798]

An attacker can use a vulnerability of SSL/TLS, in order to obtain information (VIGILANCE-VUL-11014). [severity:2/4; CVE-2011-3389]

An attacker can use a vulnerability of ESI/Partial Page Caching, in order to obtain information. [severity:2/4; BID-63074, CVE-2013-3836]

An attacker can use a vulnerability of SSL/TLS, in order to obtain information (VIGILANCE-VUL-12374). [severity:1/4; CVE-2013-0169]
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2011-3368 CVE-2011-3562 CVE-2011-4317

Oracle Fusion Middleware: several vulnerabilities of July 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion Middleware are corrected by the CPU of July 2012.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 18/07/2012.
Identifiers: BID-54492, BID-54494, BID-54495, BID-54514, BID-54516, BID-54520, CERTA-2012-AVI-393, cpujul2012, CVE-2011-3368, CVE-2011-3562, CVE-2011-4317, CVE-2012-1736, CVE-2012-1741, CVE-2012-1749, CVE-2012-3115, CVE-2012-3135, VIGILANCE-VUL-11776.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Fusion Middleware.

An attacker can use a vulnerability of Oracle JRockit, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54494, CVE-2012-3135]

An attacker can use a vulnerability of Enterprise Manager for Fusion Middleware, in order to obtain or alter information. [severity:2/4; BID-54492, CVE-2012-1741]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:2/4; CVE-2011-3368]

An attacker can use a vulnerability of Oracle MapViewer, in order to obtain information. [severity:2/4; BID-54514, CVE-2012-1736]

An attacker can use a vulnerability of Oracle MapViewer, in order to obtain information. [severity:2/4; BID-54516, CVE-2012-1749]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2011-4317]

An attacker can use a vulnerability of Oracle MapViewer, in order to alter information. [severity:2/4; BID-54520, CVE-2012-3115]

An attacker can use a vulnerability of Portal, in order to alter information. [severity:2/4; BID-54495, CVE-2011-3562]
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2009-3555 CVE-2010-4452 CVE-2011-0785

Oracle Fusion Middleware: several vulnerabilities of April 2011

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion Middleware are corrected by the CPU of April 2011.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 20/04/2011.
Identifiers: 2010-007, BID-46388, BID-47435, BID-47437, BID-47443, BID-47463, BID-47475, BID-47489, CERTA-2009-AVI-528, CERTA-2010-AVI-149, CERTA-2010-AVI-196, CERTA-2010-AVI-239, CERTA-2010-AVI-241, CERTA-2010-AVI-365, CERTA-2010-AVI-513, CERTA-2010-AVI-573, CERTA-2011-AVI-253, CERTA-2011-AVI-492, CERTA-2011-AVI-603, CERTA-2012-AVI-241, cpuapr2011, CVE-2009-3555, CVE-2010-4452, CVE-2011-0785, CVE-2011-0789, CVE-2011-0794, CVE-2011-0795, CVE-2011-0798, CVE-2011-0808, DSECRG-12-018, VIGILANCE-VUL-10579, VU#120541, VU#520721, ZDI-11-084.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Fusion Middleware.

An attacker can use a vulnerability of Deployment Applet2ClassLoader, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46388, CVE-2010-4452, ZDI-11-084]

A remote attacker can use a vulnerability of TLS in order to insert plain text data during a renegotiation via a man-in-the-middle attack (VIGILANCE-VUL-9181). [severity:2/4; CERTA-2009-AVI-528, CERTA-2010-AVI-149, CERTA-2010-AVI-196, CERTA-2010-AVI-239, CERTA-2010-AVI-241, CERTA-2010-AVI-365, CERTA-2010-AVI-513, CERTA-2010-AVI-573, CERTA-2011-AVI-253, CERTA-2012-AVI-241, CVE-2009-3555, VU#120541]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; BID-47489, CVE-2011-0789]

An attacker can create a Cross Site Scripting in Oracle Help help/topics/iastop_cs/iastop_cs_farm_page.html. [severity:2/4; BID-47443, CVE-2011-0785]

An attacker can use a vulnerability of Portal, in order to alter information. [severity:2/4; BID-47463, CVE-2011-0798]

An attacker can use a vulnerability of Single Sign On, in order to alter information. [severity:2/4; BID-47475, CVE-2011-0795]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to create a denial of service. [severity:1/4; BID-47435, CERTA-2011-AVI-492, CERTA-2011-AVI-603, CVE-2011-0794, VU#520721]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to create a denial of service. [severity:1/4; BID-47437, CVE-2011-0808, VU#520721]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2010-0086 CVE-2010-0853 CVE-2010-0855

Oracle AS, Portal: several vulnerabilities of April 2010

Synthesis of the vulnerability

Several vulnerabilities of Oracle Application Server and Portal are corrected by the CPU of April 2010.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 14/04/2010.
Identifiers: BID-39418, BID-39433, BID-39437, BID-39442, BID-39443, cpuapr2010, CVE-2010-0086, CVE-2010-0853, CVE-2010-0855, CVE-2010-0856, CVE-2010-0872, VIGILANCE-VUL-9585.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The CPU (Critical Patch Update) of April 2010 corrects several vulnerabilities of Oracle Application Server and Portal. Oracle's announce contains a detailed table, summarized below.

An attacker can use a vulnerability of Oracle Internet Directory, in order to obtain information, to alter information, or to generate a denial of service. [severity:3/4; BID-39418, CVE-2010-0853]

An attacker can use a vulnerability of Oracle Internet Directory, in order to generate a denial of service. [severity:2/4; BID-39443, CVE-2010-0872]

An attacker can use a vulnerability of Portal, in order to generate a denial of service. [severity:2/4; BID-39442, CVE-2010-0856]

An attacker can use a vulnerability of Portal, in order to alter information. [severity:2/4; BID-39433, CVE-2010-0086]

An attacker can use a vulnerability of Portal, in order to alter information. [severity:2/4; BID-39437, CVE-2010-0855]
Full Vigil@nce bulletin... (Free trial)

computer threat alert CVE-2009-1990 CVE-2009-1999 CVE-2009-3407

Oracle Application Server: several vulnerabilities of October 2009

Synthesis of the vulnerability

Several vulnerabilities of Oracle Application Server are corrected by the CPU of October 2009.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/10/2009.
Identifiers: BID-36753, cpuoct2009, CVE-2009-1990, CVE-2009-1999, CVE-2009-3407, VIGILANCE-VUL-9105.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The CPU (Critical Patch Update) of October 2009 corrects several vulnerabilities of Oracle Application Server. Oracle's announce contains a detailed table, summarized below.

An attacker can use a vulnerability of Business Intelligence Enterprise Edition, in order to alter information. [severity:3/4; CVE-2009-1999]

An attacker can use a vulnerability of Portal, in order to alter information. [severity:3/4; BID-36753, CVE-2009-3407]

An attacker can use a vulnerability of Business Intelligence Enterprise Edition, in order to obtain information. [severity:2/4; CVE-2009-1990]
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2009-0974 CVE-2009-0983 CVE-2009-0989

Oracle Application Server: several vulnerabilities of April 2009

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of April 2009.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 12.
Creation date: 15/04/2009.
Identifiers: CPUapr2009, CVE-2009-0974, CVE-2009-0983, CVE-2009-0989, CVE-2009-0990, CVE-2009-0993, CVE-2009-0994, CVE-2009-0996, CVE-2009-1008, CVE-2009-1009, CVE-2009-1010, CVE-2009-1011, CVE-2009-1017, VIGILANCE-VUL-8637, ZDI-09-017.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The CPU (Critical Patch Update) of April 2009 corrects several vulnerabilities of Oracle Application Server. Oracle's announce contains a detailed table, summarized below.

An attacker can obtain or alter information or create a denial of service via a vulnerability of OPMN. [severity:3/4; CVE-2009-0993]

An attacker can obtain or alter information via a vulnerability of BI Publisher. [severity:3/4; CVE-2009-0989]

An attacker can obtain or alter information via a vulnerability of BI Publisher. [severity:3/4; CVE-2009-0990]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Outside In Technology. [severity:3/4; CVE-2009-1008]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Outside In Technology. [severity:3/4; CVE-2009-1009]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Outside In Technology. [severity:3/4; CVE-2009-1010]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Outside In Technology. [severity:3/4; CVE-2009-1011]

An attacker can alter information via a vulnerability of Portal. [severity:3/4; CVE-2009-0974]

An attacker can alter information via a vulnerability of Portal. [severity:3/4; CVE-2009-0983]

An attacker can obtain information via a vulnerability of BI Publisher. [severity:2/4; CVE-2009-0994]

An attacker can obtain information via a vulnerability of BI Publisher. [severity:2/4; CVE-2009-0996]

An attacker can obtain information via a vulnerability of BI Publisher. [severity:2/4; CVE-2009-1017]
Full Vigil@nce bulletin... (Free trial)

threat bulletin CVE-2008-2623 CVE-2008-4014 CVE-2008-4017

Oracle AS: several vulnerabilities of January 2009

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of January 2009.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 14/01/2009.
Revision date: 15/01/2009.
Identifiers: CERTA-2009-AVI-013, cpujan2009, CVE-2008-2623, CVE-2008-4014, CVE-2008-4017, CVE-2008-5438, DSECRG-09-001, VIGILANCE-VUL-8387.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The CPU (Critical Patch Update) of January 2009 corrects several vulnerabilities of Oracle Application Server. Oracle's announce contains a detailed table, summarized below.

An attacker (via LDAP, unauthenticated) can obtain information via a vulnerability of OC4J. [severity:3/4; CVE-2008-4017]

An attacker can use the BPELConsole/default/activities.jsp url to create a Cross Site Scripting in Oracle BPEL Process Manager. [severity:2/4; CVE-2008-4014, DSECRG-09-001]

An attacker (via HTTP, unauthenticated) can create a Cross Site Scripting in Oracle Portal. [severity:3/4; CVE-2008-5438]

An attacker (local, unauthenticated) can obtain information via a vulnerability of Oracle JDeveloper. [severity:2/4; CERTA-2009-AVI-013, CVE-2008-2623]
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2008-2588 CVE-2008-2619 CVE-2008-3975

Oracle AS: several vulnerabilities of October 2008

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of October 2008.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 15/10/2008.
Identifiers: CERTA-2008-AVI-508, CPUOct2008, CVE-2008-2588, CVE-2008-2619, CVE-2008-3975, CVE-2008-3977, CVE-2008-3986, CVE-2008-3987, VIGILANCE-VUL-8179.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The CPU (Critical Patch Update) of October 2008 corrects several vulnerabilities of Oracle Application Server. Oracle's announce contains a detailed table, summarized below.

An attacker (via HTTP and not authenticated) can alter information via a vulnerability of Oracle Portal. [severity:3/4; CVE-2008-3975]

An attacker (via HTTP and not authenticated) can alter information via a vulnerability of Oracle Portal. [severity:3/4; CVE-2008-3977]

An attacker (via HTTP and authenticated) can create a denial of service via a vulnerability of Oracle Reports Developer. [severity:2/4; CVE-2008-2619]

An attacker (local and not authenticated) can obtain information via a vulnerability of Oracle JDeveloper. [severity:2/4; CERTA-2008-AVI-508, CVE-2008-2588]

An attacker (local and authenticated) can obtain information via a vulnerability of Oracle Discoverer Administrator. [severity:1/4; CVE-2008-3986]

An attacker (local and authenticated) can obtain information via a vulnerability of Oracle Discoverer Desktop. [severity:1/4; CVE-2008-3987]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle Portal: